August 12, 2014, Marvin Sandoval, Sales Associate
Reports of new credit card data breaches seem to be in the news daily. Recent high-profile breaches at major retailers this year should serve as a wake-up call to the restaurant and hospitality industries. Because of their high volumes of credit card transactions and decentralized security practices, criminal organizations have put the restaurant and hospitality industry squarely in their sights. The track data on U.S. magnetic-stripe cards is still among the most valuable commodities on the black market, because it allows criminal organizations to clone cards and quickly exploit them for the highest possible financial gain.
For the restaurant and hospitality industries, there are a couple of key questions you might want to ask yourself:
First, are we already compromised? As investigations have shown, sensitive data can leak for months before a compromise is actually detected.
Second, are we doing everything we can to keep from being compromised? The Payment Card Industry Data Security Standard (PCI DSS) is a great baseline, but taking a few extra steps to be secure is what the current climate requires.
Achieving PCI DSS Compliance is not a guarantee that your organization is secure. To minimize risk and decrease your organization’s exposure to cardholder data compromise, Coalfire suggests, at a minimum, that merchants within the restaurant and hospitality industry take the following measures:
Understand the True Scope and Extent of your Cardholder Data Environment. If you mischaracterize or misunderstand how and where cardholder data traverses your environment, then your PCI DSS compliance program may be missing the mark.
Minimize the Amount of Sensitive Data in Your Environment! Is your organization up to speed on new payment technologies such as tokenization, Point-to-Point Encryption and EMV acceptance? These technologies can help reduce overall risk and even lower the cost of maintaining PCI DSS compliance. Make sure your trusted security partner is ready to help you with these.
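As an added example (not from the original post or from Coalfire), a small cardholder-data discovery check of the kind used when scoping a cardholder data environment and hunting for data that should not be stored at all: it scans constructed sample POS log lines for PAN candidates, confirms them with the Luhn check so order numbers are not flagged, reports stored Track 2 data, and masks every hit to first six/last four. The log lines and the card numbers are constructed test values.

```python
import re

# Constructed sample: a POS application log. The card numbers are public test
# numbers, not real accounts; line 3 is a look-alike order ID that fails Luhn.
SAMPLE_LOG = """\
2014-08-01 12:00:01 POS1 auth ok pan=4111 1111 1111 1111 exp=1612 amount=42.10
2014-08-01 12:00:02 POS1 debug swipe=;5555555555554444=16121011234567890?
2014-08-01 12:00:03 INV order_id=4111111111111112 item=burger
2014-08-01 12:00:04 POS2 token=tok_7f3a2c91 amount=18.75
"""

# 13-19 digits, optionally separated by spaces or dashes. A candidate only;
# the Luhn check below decides whether it is reported.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Track 2 layout: ;PAN=YYMM<service code><discretionary data>?
# Full track data is sensitive authentication data and must never be stored.
TRACK2 = re.compile(r";(\d{13,19})=\d{4}\d{3}[^?]*\?")


def luhn_ok(digits: str) -> bool:
    """Mod-10 check: double every second digit from the right (subtract 9 if >9), sum all."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the first six and last four digits, the display form PCI DSS permits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(text: str):
    """Return one finding per stored PAN or Track 2 record, with the PAN masked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        seen = set()  # PANs already reported on this line as part of track data
        for m in TRACK2.finditer(line):
            seen.add(m.group(1))
            findings.append({"line": lineno, "kind": "track2", "pan": mask(m.group(1))})
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if digits not in seen and luhn_ok(digits):
                findings.append({"line": lineno, "kind": "pan", "pan": mask(digits)})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: {f['kind']} {f['pan']}")
```

Any hit in a log, database export or backup is a scoping finding: either that system belongs in the CDE or the data should not be there, and a Track 2 hit is a storage violation regardless of scope.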
Adhere to the Principle of Defense in Depth. A potential attacker may have the time and resources to circumvent one or two security controls; however, a strong security program with multiple layers of security can help prevent attackers from extracting sensitive information from your systems.
Physical Security and Awareness Training. As merchants’ payment systems become “more secure” in the coming years, we’ll see an increase in physical security attacks within retail environments. Are you prepared? What about your employees? Many QSA firms that offer “social engineering” as part of their penetration testing services can help you address these concerns.
Don’t Get Left Behind! Your peers and competitors are rapidly adopting new payment technologies and security programs to ensure they do not become the next headline. What happens to the companies that are left behind? They become the primary target of criminal organizations. Avoid becoming criminals’ “low-hanging fruit” by working with your QSA to put new security measures in place.
The security threat to the restaurant and hospitality industries is real. For the sake of your customers, employees and shareholders, it is time to stay ahead of the cyber criminals and keep your name out of the news.