Articles

The Ever Increasing Threat of Ransomware

Through a ransomware attack, hackers are typically trying to locate and encrypt the most valuable organizational data. Attackers will often target organizations that are conducting research where the data is highly confidential, or they could be looking for personally identifiable information, including social security numbers, addresses, and birthdates. Other ransomware attacks target specific data types or systems that, if taken down, can make it difficult, if not impossible, for an organization to function.

PCI DSS v4.0: Impact to Ecommerce Environments

E-skimming, formjacking, Magecart attacks: with the COVID-19 pandemic, in-person payments decreased, and we saw a rapid push to more activity online. Sadly, with this significant shift to online payments, there has also been a rise in ecommerce attacks. In fact, according to a new study from Juniper Research, losses to online payment fraud will amount to $206 billion between 2021 and 2025.

FACTA Red Flags: Program Checklist

The FTC can bring cases against any organization that engages in unfair or deceptive practices involving inadequate protection of consumers’ personal data. Has your organization formally addressed the FACTA Red Flags Rule?

PCI DSS v4.0: Device Inspections

If devices are not secured, criminals may be able to gain unauthorized access to cardholder data by either stealing, manipulating, or swapping out the terminals with others that have malicious software installed.

PCI Compliance Gotcha: Directing Customers to Labs/Kiosks

Many merchants use third-party payment systems or gateways for online payment card processing, often at the direction of their PCI Team, as this is an excellent way to reduce the organization’s PCI scope and push the majority of the responsibility to the vendor. However, it is important to remember that customers should always be completing these payments online using their own personal devices.

NIST SP 800-171 Series: Security Assessments

In our continuing series highlighting the controls from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 2, we turn our focus to Requirement 12, Security Assessment, which requires a periodic assessment of the security controls in organizational systems to determine if the controls are effective in their application.

Proper MFA Configuration and PrintNightmare

The Lifecycle of Third-Party Vendor Management and Security Assessments

More and more organizations are continuing to outsource and fulfill needed services with third-party partners and cloud service providers. Unfortunately, this increasing reliance on third parties can also increase an organization's exposure to risk, and we continue to see more breaches of third-party systems. Attackers are targeting technology providers with direct access to multiple customers, rather than trying to compromise customer systems individually.

“a lack of compliance could mean nothing at all – until a data breach occurs”

While private businesses research and invest millions of dollars into the latest cybersecurity measures to avoid data breaches, organizations in other industry sectors still need to catch up.

Data Privacy: Compliance Doesn’t Equal Security, But What About Privacy?

Data Privacy, or information privacy, typically refers to the ability of an individual to determine how, when, and to what extent their personal information can be shared. Privacy is the protection of personal data from unauthorized access, as well as the right to control how that data is stored, collected, and disclosed.

Cybersecurity Tabletop Exercises for Leadership Teams

This year security experts predict a continued increase in the severity and volume of ransomware attacks.

PCI DSS: Maintaining an Asset Inventory

When it comes to monitoring and maintaining your CDE, one of the most important factors is ensuring you have an up-to-date inventory of all assets.