Managed Firewall for Financial Applications
News of the second Kmart credit-card breach in three years, together with the number of breaches at financial institutions doubling this year over the same period in 2016, should raise security concerns.
Last month, Sears Holdings, the parent company of Kmart, confirmed it experienced another malware-based data breach of its card processing systems, which were infected with a form of malicious code. The company did not reveal how many of its 735 Kmart locations saw signs of a breach.
The total number of U.S. breaches captured in the 2017 ITRC Breach Report from the San Diego-based Identity Theft Resource Center now stands at 698. Of these, 36 incidents took place at financial institutions, twice as many as in the same period last year, and affected a reported 520,000 records.
Rebecca Herold, president of the Des Moines, Iowa-based SIMBUS and CEO of The Privacy Professor, listed three ways credit unions' card breach risk increases:
– Credit unions need to switch to chipped cards instead of the magnetic strip cards if they are still using them.
– Many credit union clients, who are small to mid-sized businesses, use POS devices and systems to collect payments, with poor, and sometimes no, information security or privacy controls in place on their POS network, systems and devices.
– Too many businesses believe their POS vendors have all the security issues they need in place without checking to verify that they actually do. “This is a very bad, and risky, assumption!”
Herold also pointed out that malware sometimes gets loaded through third parties, employees who fall victim to phishing scams, or malicious insiders who see an opportunity to collect data to sell to others or to hurt their employer.
John Christly, Global CISO, Netsurion, a provider of managed security services for multi-location businesses, and EventTracker, a SIEM company, noted:
“All retailers should start by deploying a managed firewall across all locations.” These firewalls monitor payment card processing activity to ensure that malware is not entering, and sensitive data is not exiting, the network. “The latest string of breaches, however, reiterates that multi-location retail security requires a new approach, beyond the minimums of maintaining PCI compliance and implementing a managed firewall.”
Source | Credit Union Times