Cyber crime is a massive problem, and after so many high-profile attacks in 2016 businesses are starting to take it seriously and make it a high priority. We’ve listed a few of the major trends in cyber security that may impact your PCI compliance:
1) Businesses have to keep up with the criminals – One of the major threats faced by businesses is malicious code that is created to find security flaws over the internet. Hackers are using automation to save time on routine tasks like brute-force attacks on user systems. If you don’t change your passwords on a frequent basis and they are trying millions of passwords a second, you will most likely be hacked. If they compromise one of your passwords, they can potentially access other areas on the same network.
2) Breaches are getting more complicated and harder to beat – Ransomware is becoming more sophisticated, and criminals are targeting businesses with it, locking up data or websites so they can demand ransoms. Criminals are also using distributed denial-of-service attacks against internet-dependent businesses to block access to the company’s website and demand ransoms.
3) Firms need to toughen up on bring-your-own-device policies – The number of personal phones and tablets that employees use at work is expected to reach one billion devices by 2018. The issue is that it forces employees to keep sensitive data on multiple devices that have different applications installed and aren’t managed by the IT department. You should rank each device on how manageable, available and supportable its security is.
4) There will need to be more security for the cloud – Cyber security normally relies on network and application assumptions regarding static IP addresses and fixed perimeters. In the cloud, however, security perimeters are constantly evolving, which results in new security gaps and larger attack potential. 44% of operation security managers receive more than 5,000 security alerts per day, so businesses need to pay constant attention to keeping their cyber security threat detection tools up to date.
5) Businesses handling EU residents' data will be concerned about the GDPR – The General Data Protection Regulation, which is being enforced from May 2018, was put in place to protect EU residents' data. Compliance will be dependent on having explicit consent for the specific purpose of processing and storing it. This means you must identify all personal data you hold on file and whether or not you have lawful grounds to store it.