Ram scraping malware can lead to a potentially devastating data breach
(The following article is taken from the Linked In page of Chris Stallard a Principal at the Cyber Insurance Consultant based out of Sydney, Australia.)
If we consider how much data and information flow exists day to day on a global scale, it would be all too easy to adopt the herd mentality. Safety in numbers is a common, but poor, approach to Cyber security. In insurance terms this is known as the “It won’t happen to me” risk management manual i.e. clients who are more than willing to take on chance, head-on, not considering what would happen if chance won.
I’m going to start by throwing some facts at you:
• Hackers/scammers/hactivists, by and large, don’t care about who you are or what you do, they only care that you are willing to allow them access i.e. allow vulnerabilities to exist
• There will always be someone in your team, organization, etc. an employee that will click a link
• Weak password and ID set-ups continue to rank as the highest reasons for system access
• Regulatory/operational compliance e.g. PCI-DSS, continue to return ‘fail’ in compliance audits
• Effective Board and IT collaboration will improve a company’s resilience score
What does this mean for a café, shoe shop, accountant, body shop etc etc?
We all happily hand over our debit and credit cards to business owners and their employees. We enjoy that first sip of morning coffee as the barista cheerfully runs your magnetic strip through the machine. So where’s the concern? There are millions of these terminals, aren’t they secure?
Simply put, POS terminals are systems that capture and send credit card information. They utilize internet connections and given they operate under a program, they are essentially a computer.
There are Malware programs out there that exploit the POS terminal RAM. This “RAM Scraping” Malware exploits the millisecond that usually encrypted information is used by the terminals RAM. Bottom line is, some bad software can capture a credit card number, CVV and expiry date and then this can be retrieved by or sent to the bad guys.
Once this happens, the client has a BREACH!
Your business is your livelihood. Secure your business’s future by learning what you can do to protect your company from a potentially devastating data breach. It only takes one infected machine to take down an entire company.
The best way to determine your specific risks and liabilities is to talk to a data breach insurance expert. Consult with your Account Manager at McSweeney & Ricci Insurance Agency to tailor a data breach insurance policy to fit your specific business needs.