Businesses know about POS security risks, but are they investing wisely?

The majority of organizations have increased their POS security budgets during the last two years, but many of them are still using and investing in outdated technologies, such as antivirus.

A Bit9 + Carbon Black health assessment, which polled 150 U.S. organizations with revenues of at least $250 million in various verticals (with a focus on retail) found:

• 63 percent of organizations have increased their security budgets over the last two years, many of them as a direct result of publicized breaches.
• 94 percent of organizations are running antivirus on all of their POS devices but one in four of those companies (26 percent) feels that antivirus does not adequately protect their POS systems.
• One in four organizations (25 percent) that reported an increase in their security budget continued to invest in antivirus technology.
• Only 38 percent of businesses have detected malware on their POS systems during the last two years.
• Only 39 percent of businesses are using breach detection software.
• More than half (52 percent) of organizations are still running the unsupported Windows XP on their POS devices.

POS systems include a range of hardware devices, such as card readers, scales, scanners, and registers, as well as the software needed to operate them. Increasingly, sophisticated POS systems are linked to inventory management, ordering, and customer relationship management applications. POS systems make it possible for retailers to conduct transactions—most often with credit cards—quickly and easily, providing a smooth and enjoyable customer experience.

The real value in POS systems to hackers is in their financial transactions—specifically the credit card numbers and other personally identifiable information (PII) they process and store. When POS systems are attacked, the price tag for affected businesses can be enormous.

“It’s shocking that even when they have more budget to spend in the fight against malware so many organizations continue to spend it on antivirus, which cannot see or stop today’s advanced threats and targeted attacks,” said Chris Strand PCIP, senior director of compliance and governance for Bit9 + Carbon Black. “It’s no secret that we’re seeing an increase in the number and type of attacks against organizations that use point-of-sale devices. The good news is that more organizations are aware of this and are increasing their budgets. But the fact that only 38 percent of organizations have detected malware on their POS systems during the past two years is a major red flag and points to the ineffectiveness of AV.”