Thursday, July 9, 2015

The Firewall Controversy: PCI DSS 3.1 and You


By now you are probably familiar with the PCI DSS Requirements. If not, you can find the PCI DSS 3.1 Requirements here. The change is centered around migrating away from the Secure Sockets Layer (SSL) protocol, which was shown to have many inherent flaws with no known patch. The inconsistencies in the SSL protocol leave holes in security and can allow for easy exposure of cardholder information. This talk of holes got me thinking about firewalls and the recent arguments for and against their place in the modern world.

Firewalls have historically been one of the iron curtains put in place by companies to protect the proprietary information within. Like many things in life, the firewall needs to be correctly installed and maintained to work as intended. Incorrectly installed and outdated firewalls, combined with the overall movement towards the cloud, have brought the firewall under fire from those who see it as a less effective prophylactic.

Thursday, June 25, 2015

PCI Compliance Requirements - Opening Yourself Up to Attack


The PCI DSS has been relatively stagnant this past week in terms of news. Aside from the typical announcements about POS malware that have recently begun cropping up, or about the big move towards TLS as the replacement for SSL for security in your network, there really hasn’t been much to talk about. PCI compliance requirements are still as strong a concern as ever, however, and the struggle for compliance is still affecting almost every industry in the modern age. Despite the standard having been around for a few years now, many businesses and corporations are struggling to meet PCI compliance requirements, and many attackers have begun picking up on this fact. We’ve talked about the various elements of the PCI compliance requirements before, but today I’d like to take a look at another aspect of PCI compliance that sometimes gets overlooked: the human factor.

Thursday, May 14, 2015

What I learned about Data Breaches from the 2015 Verizon PCI Compliance Report


By now, you’re no stranger to the data breach game, and you’ve most likely seen the recent 2015 Verizon PCI Compliance Report. In the past twelve months, data breaches have come a dime a dozen, appearing all over the news in a variety of different markets. The most publicized breaches stood out to show us all exactly what we stand to lose by failing to protect our data well enough, and we have even broached the subject before ourselves. It’s clearly nothing new. What I think gets overlooked in the discussion of data breaches, however, is what exactly is driving the upswing in breaches. The PCI SSC is a big player in mitigating data breaches and security vulnerabilities these days, and most companies are slowly attempting to meet PCI compliance to continue doing business and protect themselves. Here are a few things to look at when trying to keep your company name out of the news for the most recent data breach.

Thursday, May 7, 2015

Familiar Password Generator | Top 5 Things to Consider


Did you know the average help desk call costs around 25-30 bucks per call? The number one problem that any IT department encounters is something we are all guilty of: you forgot your password. This may seem like a common mistake that you have grown accustomed to, fixing ticket after ticket after ticket. What you may not have paid enough attention to is the problems that passwords face in a technologically savvy world. It’s now filled with hackers: people who want to steal your information, your privacy, your money, and your life. It sounds dramatic, but it’s true. That’s why authentication security should be addressed now more than ever! Luckily, there is a simple solution, one that saves both your sanity and your company’s bank account: a familiar password generator. Do you like saving money while becoming a hero at your job? Read on!

Thursday, April 30, 2015

Strong Authentication and Data Security


We talk a lot about what it means to stay compliant in a PCI dominated world. What we often gloss over, or only mention in part, is the role of strong authentication and data security. To draw attention to the importance of authentication, we’re going to look at a couple of prominent breaches in recent history, and how stronger authentication could have prevented them. Stronger authentication and data security go hand in hand, and maintaining compliance with the PCI SSC is much simpler when a strong authentication solution is in place.

Tuesday, April 28, 2015

Tokenless Authentication | 3 Key Reasons to Adopt


There isn’t a day that goes by where I don’t get some sort of news update or reminder regarding either the latest security breach or the industries considered most at risk for cyber attacks. Taking into consideration the Anthem healthcare customer data breach and the cost per healthcare record stolen in the 2014 data breaches, researching alternative methods of better securing confidential data becomes a top priority.

Tuesday, April 21, 2015

PoSeidon PoS Malware Update | What You Should Know

PoS Malware Update - PoSeidon Enters the Fray

In recent days, PoS malware has lunged into the spotlight once again. Since the Target and Home Depot breaches of last year, it has never left the sidelines, and IT departments for retailers have been ever vigilant in defending against future attacks. With the recent discovery of Zeus and BlackPOS, credit service providers are being targeted at an alarming rate. Just when you thought it was over, a new challenger approaches.

PoSeidon is the name given to the newest development in this line of threatening PoS malware. What makes PoSeidon such a threat is the way it masquerades as previous malware to sneak through security measures. It is observed as a known threat, but it manipulates the systems on which it resides in a unique way that the security put in place against its predecessors does not cover. Essentially, PoSeidon fools the system into thinking it has been beaten, and uses that gap to wreak havoc.