An analysis of more than 1,900 penetration tests and 200 actual security breaches over the past year has shown that more than four out of five security problems are down to third-party suppliers.
The survey by payment security firm Trustwave showed that third-party systems were responsible for 81 per cent of the security breaches, and that point-of-sale (POS) devices accounted for 83 per cent of that total.
"POS systems represent the easiest method for criminals to obtain the magnetic stripe data necessary to commit card-present fraud," said Trustwave in its 2010 Global Security Report.
"Due to the common existence of well-known vulnerabilities and the sheer volume of potential targets, software POS systems are considered low-hanging fruit to even the novice attacker."
More than two thirds of attacks used memory parsers, applications designed to monitor RAM activity and steal financial data. Key-loggers accounted for 18 per cent of attacks, and network sniffers nine per cent.
The report also suggested that hardware manufacturers need to be more vigilant when it comes to security.
"We believe that hardware tampering will grow over the next several years. The prize target for any organised crime group would be to infiltrate the device manufacturing company," said the report.
"Given the lax state of security in the world today, a crime organisation would have little trouble executing this attack at one of the second-tier device manufacturing companies, resulting in modified hardware being shipped to customers."