STAMFORD, Conn. -- Last week, CSP Daily News featured a story of the threats posed by data theft and the shortcomings of many gas station and convenience store pump and point-of-sale (POS) security systems. In an exclusive followup interview,analyst Avivah Litan, vice president of Gartner Inc., Stamford, Conn., explains how retailers can fill in the security gaps.
Gartner predicts that by next year, most data theft attacks against retailers will be directed at their POS terminals, and only 30% of POS software will be compliant with the prevailing security [image-nocss] standards by 2009. In the end, enterprises that want to protect their data, systems and applications must adopt a layered security approach, Litan said.
There are no silver bullets' to good security, and multiple layers and applications must be employed, she said.
These include:
Data protection measures (for example, encryption), access controls and activity monitoring, which enforce rules such as segregation of duties.
Building security into the application development process so that vulnerabilities are discovered before the code is deployed. A variety of security source code scanners and Web application security scanners make this job easier through the use of specialized automated tools.
Firewalls placed appropriately in front of applications and in front of external-facing servers.
Content monitoring and filtering (CMF) that monitor structured and unstructured data passing in and out of the enterprise.
HIPS, SIEM and fraud detection systems
User authentication and transaction verification systems.
Implementing security is cheaper in the long run than having a data breach, which can be expensive and hurt a company's reputation, according to Litan. Gartner calculates that a data breach costs companies around $300 per exposed account because of investigations, fines and lawsuits. On the other hand, beefing up security costs around $16 per account for the first year, and that cost falls over time, Litan said.
To read last week's original story of the threats retailers face, click here.
For an in-depth look at how identity theft is affecting retailers, watch for the July issue of CSP magazine.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.