Restaurants are loaded with internet-connected technologies and in today’s age of digital transformation, the rate at which new technologies are being onboarded feels like an all-out arms race.
As consumer demand for digital conveniences increases, restaurants are pushed to meet, rather than exceed, expectations for quality, speed and convenience. However, in the rush to keep up and deploy new technologies, more often than not, additional security vulnerabilities are introduced. Restaurants and fast food chains have always been a prime target for cybercriminals due to their high volume of low dollar credit card transactions and typically lagging security posture.
In the past, standard security measures – firewall, antivirus and even encryption – were a solid response to the cyber threats facing diners.
A successful intrusion into the digital menu board web server could be the foothold a hacker needs to make a hop or two into the POS and begin exfiltrating credit card data.
With the rapid addition of internet-connected technologies that touch the same network as the point-of-sale (POS) system, new opportunities for credit card data breaches are popping up whether that be via the digital menu board, the tabletop tablets, self-ordering kiosks, loyalty program application, guest Wi-Fi, digital inventory tracking, employee scheduling software, or ironically enough, those physical security cameras. The fact is, if one of these systems are vulnerable, your credit card is as well.
So, let’s take that innocent digital menu board for example. The digital menu board is data-driven – what it displays is retrieved from a web server, typically located somewhere else. Typically, that web server is sending data to many stores. That means that digital menu board is connected to the store’s network in order to communicate over the internet, just like the point-of-sale system. A successful intrusion into the digital menu board web server could be the foothold a hacker needs to make a hop or two into the POS and begin exfiltrating credit card data. Such POS intrusions have been known to go undetected for months.
In this example, this situation can be prevented by a few best practices:
- segmenting the network to separate POS traffic from all others,
- deploying cloud next-generation firewall services to ensure security policies stay current
- using endpoint threat protection on POS systems to immediately be alerted to anomalous and potentially malicious behaviors and events
As on-premise firewall devices become more expensive and more complex, one critical consideration every store should be considering is managed SD-WAN to roll secure and resilient connectivity, threat protection and PCI DSS compliance into one efficient, simpler and less expensive solution. Through the use of SD-WAN (Software-Defined Wide Area Networking), simpler, multi-purpose edge routers are deployed to the stores while the smarts, such as next-generation firewall protection, intrusion detection and more, are deployed and orchestrated via the cloud.