McAfee announced yesterday that it has sponsored a report with the IHL Group, a global research and advisory firm specializing in technologies for the retail and hospitality industries, entitled “Store Systems Security: Preparing for the Paradigm Shift” that assesses retailer security and the approaches used to safeguard retailer transactional systems. The report found that security must evolve rapidly in order to protect vendors and consumers.
One of the report’s key findings was that retailers need to take into account a store’s device ecosystem and develop a comprehensive plan to secure those devices. In addition, they also need to create adequate controls to manage store system variability. If they do not do either of those things, security costs will quickly rise to unmanageable levels. Security strategies need to evolve faster than the devices they safeguard. Although it sounds counterintuitive, staying one step ahead of risks and threats will actually lower security costs for retailers.
Another key finding was that confidence in a store’s digital security is based on device variability. The more device platforms there are in a store, the less secure it will be. While it is difficult to secure several different platforms, merchants need to consider using an MDM system that can provide protection for heterogeneous operating systems.
The report also reviews the approaches retailers are taking to secure devices. Researchers divided retailers into tiers based on annual revenue. Those that ranked in the first tier used whitelisting and anti-virus approaches equally to secure POS systems. However, retailers that earned more than $5 billion in revenue chose whitelisting over anti-virus protection. This data suggests an ongoing strategy shift in POS security. Researchers discovered that retailers’ biggest concern over POS systems was PCI compliance. The second category of concerns was undefined, meaning that merchants are not sure which issues to care most about, only that they should be aware of possible problems.