Being a year older and wiser doesn’t always mean avoiding old mistakes. The point-of-sale (POS) breaches that plagued retailers in 2014 are back with a vengeance this year, so far compromising data from health insurance agencies and food chains Zoup and Natural Grocers, and causing third-party POS device manufacturer NEXTEP to launch a security investigation into its own devices.
The continued success of these breaches is disheartening for retailers. Most, if not all, of the companies affected had basic security measures in place when the breaches occurred and no doubt believed they were doing everything right. However, Dell discovered in its 2014 Global Technology Adoption Index (GTAI) that retail is the only industry in which companies are devoting more financial resources to compliance-related security concerns than to hacker-related concerns, a narrow and incomplete focus that could leave the door wide open for a successful breach.
The new 2015 Dell Security Annual Threat Report identified a few disturbing new data points about the recent slew of POS attacks:
1) POS malware and attacks are proliferating.
Dell SonicWALL Threat Researchers created over three times as many POS-specific malware countermeasures in 2014 compared with 2013. Cyber criminals are launching a broader front against retailers, leading to the dramatic and very visible increase in attacks on retailers that we witnessed last year.
2) The U.S. retail industry is the biggest target.
The majority of attacks Dell identified last year were targeted at American retailers. Mega-companies Home Depot and Target famously experienced the largest POS breaches in history, and others, including Michaels and Staples, were also victims of the digital bloodbath that took place throughout the year.
3) POS attacks are evolving.
Dell SonicWALL threat researchers identified new breeds of POS malware tactics in 2014, including memory scraping and the use of encryption to avoid detection by firewalls. Having up-to-date network security infrastructure and continuous monitoring is becoming more important than ever.
One of the most worrisome data points revealed in last year’s GTAI showed that employee security training is lacking across all industries. Fifty-six percent of companies admit not all of their employees are aware of security rules. This can expose companies to threats ranging from the accidental sharing of sensitive data to the provision of unrestricted system access for vendors who might be compromised themselves.
It may seem like companies are fighting a losing battle against POS breaches, but the truth is, even the largest breaches of 2014 could have been avoided with the right measures in place. There are a few best practices retailers should follow to prevent additional POS breaches in 2015:

Install next-generation firewalls (NGFWs) between network segments and in the business-to-business portal. NGFWs go beyond the port/protocol inspection and blocking offered by traditional firewalls to also provide application-level inspection, intrusion prevention, and intelligence from outside the firewall.
Minimize mobile threats by enacting a full mobility security plan that includes basic limitations on the mobile devices themselves (password and timeout requirements, software updates, and policies against jailbroken devices and downloads from untrusted developers) and at the data level (appropriate access levels for employees, automatic encryption, and ongoing employee training).
Use deep-packet inspection on all traffic at every node on every segment and automatically investigate anomalies.
Separate groups and zones to keep attackers who have gained network access from penetrating further.
Institute two-factor authentication to protect against compromised mobile devices.
Keep the operating systems (OS) patched and all software updated.
Isolate the POS system from the rest of your network and restrict terminal activity (no web browsing).
Adopt a security policy that trusts nothing (network, resources, etc.) and nobody (vendors, franchisees, internal personnel, etc.), then add explicit exceptions.
Enforce email security to block malware in spam and phishing attacks.

Finally, make security training a significant part of employee onboarding and ongoing communications. No data is truly secure unless the people who interact with it every day understand acceptable usage rules and how to respond in the event of a breach.
If some good can come from 2014’s multitude of POS breaches, it should be that it inspires retailers to re-examine their approaches to security. Go beyond basic compliance needs and proactively protect your infrastructure from hackers. With the wealth of security resources available to combat both traditional and emergent threats, the “year of POS breaches” should soon feel like a footnote in the history books.