Cannabis dispensaries: Security and risk considerations for continued growth

0
17

The fast-growing cannabis industry will become a prime target for cybercriminals. Recent news of a data breach at point-of-sale vendor THSuite also shines a light on third-party risk management and customer privacy.

n the US, cannabis is fully legal (medical and recreational) in 11 states and Washington, DC. For medical use, it is legal in 33 states. This is a flourishing industry, with one study conservatively estimating it will reach $30 billion by 2025. As dispensaries set up shop, they face many of the same risks as other businesses.

The fast-growing cannabis industry will become a prime target for cybercriminals:

  1. It’s a young yet rapidly growing industry that hasn’t fully implemented risk management or security strategy or thinks it’s too small to need one.
  2. State law requires point-of-sale systems to track every plant, product, and person associated with the production and sale of marijuana.
  3. Digitally enabled operations and sales conducted primarily online or through a mobile app for convenience must address compliance, as well as compliance with advertising restrictions.

The recent news of a data breach at point-of-sale vendor THSuite also shines a light on third-party risk management and customer privacy.

  • What happened: Researchers at vpnMentor discovered an unsecured Amazon S3 bucket owned by THSuite.
  • Where did this data come from: 85,000 files of sensitive data from various marijuana dispensaries around the US and their customers, including personally identifiable information (PII) for over 30,000 individuals. [Read More @ ZDNet]