© 2017 Enterprise Risk Management, Inc.
Security of Things Cybersecurity:
Retail And Hospitality
Agenda
- The Numbers
- Industry Risks
- PCI DSS
- Countering The Threat
- Questions
Top Industry Targets (Source: Hackmageddon)
- Others 45%
- Software 10%
- Video Games 7%
- Telco 5%
- Entertainment 3%
- Web Hosting 3%
- Internet Services 3%
- Hotels and Hospitality 8%
- Restaurant 3%
- E-Commerce 7%
- Retail 6%
[Chart: Top 10 Attack Techniques 2014 vs 2015 vs 2016 (Source: Hackmageddon). Bars per year for the categories Others, XSS, DNS Hijacking, Malicious iFrame, Malvertising, Defacement, Malware, SQL Injection, DDoS, Targeted Attack, Account Hijacking and Unknown; horizontal axis is share of attacks, 0% to 35%.]
[Chart: Causes/Type of Breaches (2010 – 2016). Share of breaches, 0% to 60%, for the years 2010, 2011, 2012, 2014, 2015 and 2016, broken down into Insider Theft, Hacking, Data on the Move, Accidental Exposure, Subcontractor and Employee Negligence. Source: http://www.idtheftcenter.org]
The average data breach cost per victim is nearly $158 per compromised record.
Source: http://securityaffairs.co/wordpress/24717/security/ponemon-data-breach-study.html
So you’re telling me that….
1 compromised server x 10,000 stolen records x $158 cost per record = $1,580,000
Source: http://securityaffairs.co/wordpress/24717/security/ponemon-data-breach-study.html
Industry Risks: Retail
Cyber Attacks: Retail
Industry Risks: Hotels
Cyber Attacks: Hotels
PCI DSS

PCI DSS Compliance Levels

PCI Level | Your Business Does: | You Need To Perform:
Level 4 | < 20,000 eCommerce transactions per year, or < 1 Million other transactions per year | Annual Risk Assessment using SAQ; Quarterly PCI ASV Network Scans
Level 3 | >= 20,000 and < 1 Million transactions per year | Annual Risk Assessment using SAQ; Quarterly PCI ASV Network Scans
Level 2 | >= 1 Million and < 6 Million transactions per year | Annual Risk Assessment using SAQ; Quarterly PCI ASV Network Scans
Level 1 | 6 Million or more transactions per year | Annual Internal PCI QSA Audit; Quarterly PCI ASV Network Scans
PCI DSS Requirements
• Network Security
• Data Protection
• Vulnerability Management
• Access Control
• Monitoring and Testing
• Security Policy
Fortify Your Defenses
- Network Security
- Cloud Security
- Internet of Things
- Policies and Procedures
- BYOD Considerations
- Patches and Updates
- Network Segmentation
- Be The Hacker
- The Human Firewall
Educate Your Customers
- Malware
- Phishing
- Password Attacks
- Denial of Service Attacks
- MITM Attacks
- Drive-by Downloads
- Malvertising
- Rogue Software
Your “go to” advisors for all matters in cybersecurity. www.emrisk.com