© 2017 Enterprise Risk Management, Inc.

Security of Things Cybersecurity:

Retail And Hospitality

The Numbers

Industry Risks

PCI DSS

Countering The Threat

Questions

Content

Agenda

Others 45%

Software 10%

Video Games 7%

Telco 5%

Entertainment 3%

Web Hosting 3%

Internet Services 3%

Hotels and Hospitality 8%

Restaurant 3%

E-Commerce 7%

Retail 6%

TOP INDUSTRY TARGETS

24%

Source:Hackmageddon

6.0%

0.5%

1.0%

0.7%

0.0%

14.8%

9.4%

12.8%

9.3%

9.5%

9.8%

23.3%

6.7%

0.1%

0.9%

1.1%

2.1%

12.4%

6.4%

17.5%

9.7%

10.5%

8.8%

24.0%

8.9%

0.0%

0.4%

0.4%

1.8%

4.9%

8.0%

8.4%

11.3%

11.6%

15.1%

33.1%

0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0%

OTHERS

XSS

DNS HIJACKING

MALICIOUS IFRAME

MALVERTISING

DEFACEMENT

MALWARE

SQL INJECTION

DDOS

TARGETED ATTACK

ACCOUNT HIJACKING

UNKNOWN

Top 10 Attack Techniques 2014 vs 2015 vs 2016

2016 2015 2014Source: Hackmageddon

http://www.idtheftcenter.org © 2017 Enterprise Risk Management, Inc.

0.00%

10.00%

20.00%

30.00%

40.00%

50.00%

60.00%

2010 2011 2012 2014 2015 2016

Causes/Type of Breaches (2010 – 2016)

Insider Theft Hacking Data on the Move

Accidental Exposure Subcontractor Employee Negligence

http://www.idtheftcenter.org © 2017 Enterprise Risk Management, Inc.

0.00%

10.00%

20.00%

30.00%

40.00%

50.00%

60.00%

2010 2011 2012 2014 2015 2016

Causes/Type of Breaches (2010 – 2016)

Insider Theft Hacking Data on the Move

Accidental Exposure Subcontractor Employee Negligence

the average data breach

cost per victim, is nearly

$158 per compromised record

© 2017 Enterprise Risk Management, Inc. http://securityaffairs.co/wordpress/24717/security/ponemon-data-breach-study.html

1x Compromised Server

10,000x Stolen Records

Cost Per record

$1,580,000

So you’re telling me that….

© 2017 Enterprise Risk Management, Inc. http://securityaffairs.co/wordpress/24717/security/ponemon-data-breach-study.html

Industry Risks: Retail

Cyber Attacks: Retail

Industry Risks: Hotels

Cyber Attacks: Hotels

PCI DSS

PCI Level Your Business Does: You Need To Perform:

Level 4

< 20,000 eCommerce transactions per year Annual Risk Assessment using SAQ

< 1 Million other transactions per year Quarterly PCI ASV Network Scans

Level 3

>= 20,000 transactions per year Annual Risk Assessment using SAQ

< 1 Million transactions per year Quarterly PCI ASV Network Scans

Level 2

>= 1 Million transactions per year Annual Risk Assessment using SAQ

< 6 Million transactions per year Quarterly PCI ASV Network Scans

Level 1

6 Million transactions per year Annual Internal PCI QSA Audit

Or more Quarterly PCI ASV Network Scans

PCI DSS Compliance Levels

PCI DSS Requirements

• Network Security

• Data Protection

• Vulnerability Management

• Access Control

• Monitoring and Testing

• Security Policy

Network Security

Data Protection

Vulnerability Management

Access Control

Monitoring and Testing

Security Policy

Fortify Your Defenses

- Network Security

- Cloud Security

- Internet of Things

- Policies and Procedures

- BYOD Considerations

- Patches and Updates

- Network Segmentation

- Be The Hacker

- The Human Firewall

Educate Your Customers

- Malware

- Phishing

- Password Attacks

- Denial of Service Attacks

- MITM Attacks

- Drive-by Downloads

- Malvertising

- Rogue Software

Your “go to” advisors for all matters in cybersecurity. www.emrisk.com