It has been reported that a PoS payment card attack involving a pair of malware variants was used to steal more than 167,000 payment records from 212 infected devices, mostly in the U.S.
Full story: Researchers uncover more than 167,000 stolen credit card numbers, primarily from the U.S. – CyberScoop
Malware is just one click away. The two most important things an organization can do are a) spread cybersecurity awareness and use a zero-trust approach, so that users get access to sensitive data only when they have permission and only when it is absolutely necessary, and b) protect the data!
Sure, traditional encryption methods are a consideration, but some algorithms can be easily cracked, and key management and other operational concerns make plain data encryption unattractive. Keep in mind that encrypted information does not retain the original format of the data, so either enterprise applications must be modified or the data must be de-protected. Neither option should be acceptable.
Using a stronger, more flexible data-centric method such as tokenization means that the data format can be preserved while sensitive data elements are obfuscated with representational tokens. Enterprise applications support tokenized data much better, avoiding the need to de-protect the information in order to work with it within a corporate workflow.