Lightweight security for point of sale systems continue to be a major vulnerability for retailers and businesses in the hospitality industry.
The research for Verizon’s annual breach report says that SMBs fall prey to POS breaches that typically take the following path:
- POS server is visible to all on the internet.
- POS has a default login.
- Attackers take advantage of No. 1 and No. 2 to install malware.
- Malware scraps payment card data as it’s processed.
But it’s not enough to just put a POS system behind a firewall and enforce proper password protections. As attacks on larger organizations that had done so found, Verizon noted in its “2016 Data Breach Investigation Report.”
If they couldn’t easily breach a POS system directly, hackers compromised one-factor authentication in an organization and then used the stolen credentials to get into it from another internal foothold, Verizon researchers found.
For more on how small businesses can improve their security posture, check out "5 Cybersecurity Priorities for Every SMB in 2017."