Notable brands like Target, Neiman Marcus, PF Chang?s, Staples, Michaels Stores, and Home Depot have all have become victims of point of sale (POS) security breaches targeting consumer payment card data.
In the majority of cases, POS attacks take place due to malware infections. During the past few years there has been a considerable rise in malware families including POSCardStealer, Dexter, Alina, vSkimmer, ProjectHook, BlackPOS and others, many of which can be easily purchased online.
According to the 2014 Verizon Data Breach Investigations Report (DBIR), 198 total incidents related to POS intrusions were reported.
ABI Research expects the total number of POS related security incidents with confirmed data exposure will hit 600 by the end of 2015.
The most sophisticated attacks are highly targeted, deploying hard-to-detect, customized malware, and requiring substantial lateral movement within a compromised network for effective detection.
Smaller businesses that do not have dedicated information security resources to help secure their retail environments are at increased risk.
The rising intensity of POS related malware attacks have led to the demand for security solutions aimed at protecting the POS environment.
PCI compliance is another key market driver pressuring enterprises to deploy security solutions to protect card data at POS. Players like Intel Security, Ingenico, VeriFone, Trend Micro, Bit9 + Carbon Black, Cisco, Symantec, Check Point, Juniper Networks, Fortinet, HP, Palo Alto Networks, Dell SecureWorks and others offer innovative and interesting security solutions aimed at the POS market.
One of the key technologies that can be deployed to protect POS is network segmentation that can be achieved by deploying a next-generation firewall (NGFW).
Once unauthorized access is gained, network segmentation can provide effective controls to mitigate the next step of a network intrusion and limit further movement across the network.
?The key advantage that NGFW provides for network segmentation is application servers and data can be designated in different segments based on their risk factors and security classifications, with access to them tightly controlled,? said Monolina Sen, ABI Research?s senior analyst in digital security.