IT security risks and trends
Trends
Recognition technologies
The combination of big data analytics, passive biometric modes and device-embedded public-key credentials to provide trust in a claimed digital identity without the need for any active authentication step by the user.
People-centric security
Strategic approach to information security that emphasizes individual accountability and trust, and de-emphasizes restrictive, preventative security controls.
Favours detective and reactive controls, and transparent preventative controls, over intrusive preventative controls
PCS principles presume that individuals have the appropriate knowledge of security principles and of their own responsibilities
Threat from POS malware ongoing despite some positive indicators
Examples in Risks branch
Data stealing for extortion
Risks
Customer data
3rd party risks
As retailers look to exploit the competitive edge they gain from customer data, they are leveraging the expertise of third parties such as analytics specialists and social marketers. This means that retail organizations are becoming trapped in interconnected value chains in which sensitive data is shared.
Interconnected value chain
Point-Of-Sale security
Malware designed to extract customer payment card data and send it back to a command-and-control server operated by the attackers
EXAMPLE: Trojan scans infected endpoints for strings that may indicate it has landed on a POS endpoint and, when it finds one, it deploys a RAM-scraping plugin to siphon payment card data.
New POS malware family emerging at year end 2016
In 2016 there have been fewer new malware variants targeting POS systems, but the threat is still significant
Loyalty programs vulnerabilities & abuse
Phishing
Brute force attacks
Factors
Nonexistent or inadequate password policies
Poor application design
Poor network security monitoring
Non-existent or poor fraud detection
Fraud
Non-monetary fraud
Sharing of loyalty discount codes
Voucher schemes
Fraud in an omnichannel environment (!)
Production process
Internet of Things risks
Networked appliances and devices are ‘endpoints’ in a system, and are therefore exposed to the same malware threats as any other endpoint
Reputation risks