The retail industry is constantly evolving as customers increasingly expect ease of purchase and a more convenient experience that links their in-store and online activity. Information security risks such as security breaches are now a major concern in the retail industry, as repeated cyber-attacks reduce consumer confidence in retailers' brands.
One of the first major retail breaches to hit the headlines was probably Target in late 2013, when it was subject to a data hack at its US stores. Over 40 million customers were exposed to fraudulent activity as malware was introduced to the POS system in around 1,800 stores. A month later, Target went on to admit that a further 70 million customers had their personal information stolen in the same attack.
The 2013 Target breach was linked to a third-party contractor having access to the Target network, and concerns were raised as to whether Target was in compliance with PCI DSS at the time of the breach. Although 2013 may seem a long time ago, the risk of vendor or partner access to IT systems has never been more crucial.
The misuse of privilege in the hybrid-cloud world has become one of the most critical security challenges, because uncontrolled access to Privileged Accounts opens a “barn door” through which untrusted 3rd parties can compromise data and inflict cyber-attacks, ultimately causing irreparable damage to the business and its corporate reputation.
A security priority in retail is payment handling, so PCI DSS (Payment Card Industry Data Security Standard) is mandatory. It's a worldwide standard that was set up to help businesses process card payments securely and reduce card fraud. The way it does this is through tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.
Privileged account abuse presents one of today’s most critical security challenges. Uncontrolled access by insiders or even contractors to these accounts leaves an organisation vulnerable to data leaks and cyber-attacks, ultimately causing irreparable damage to both the business and its reputation.
The PCI DSS defines 12 requirements in 6 categories. Privileged Access Security addresses many of the requirements: