https://attendee.gotowebinar.com/register/8913734536290147842
As the push for EMV acceptance makes its way into petroleum and convenience stores, a vast new array and updated point-of-sale (POS) systems are beginning to emerge from the primary vendors that service these segments. These new/updated POS systems rely heavily on network communications (such as Internet connectivity) for payments processing, as well as remote POS troubleshooting, management and software updates. As this paradigm shift from legacy infrastructure happens, it becomes more important to segment and isolate those POS systems from the rest of the merchant’s equipment and services using the same Internet connectivity within the retail infrastructure. While protection of the store and other devices connected to the Internet (“network”) is still important, it's evident from recent attacks and breaches that attackers are relying mostly on access to unprotected internal systems (such as video surveillance and tank monitoring), rather than attacking the POS directly from outside the merchant’s network. It's still important to protect the network from outside intrusion, and it's becoming ever more important to isolate POS systems from other internal systems that are less hardened and more vulnerable, and as well as more susceptible to breach from "phishing" or "spear phishing" types of attacks. Under these scenarios, attackers are sending general or directed emails with links for unsuspecting users, such as store managers. Once an unsuspecting user clicks on and follows those links, it opens up their PC to the attacker. If that PC is on the same network segment and Internet connection as the store's POS system, then the attacker has an opportunity to launch a persistent attack against the POS system to potentially obtain payment card and personal data. Using network segmentation is not just a means for reducing the assessment scope for PCI-DSS, it's a necessary strategy for providing security, and protecting the POS system and the merchant from attack and breach.
The presenter will be Mark Carl, CEO of EchoSat
https://attendee.gotowebinar.com/register/8913734536290147842