PCI DSS Compliance Could Be the Cybersecurity Provisions to Build Upon
One of the biggest challenges that companies face in the digital age is managing their cybersecurity risk. This is especially true for businesses that deal with sensitive customer data, such as credit card and other payment information, as those organizations have a lot more at stake.
For example, when hackers breached Marriott International’s systems, they managed to get away with upwards of 8.6 million credit card numbers, severely damaging the reputation of the world’s largest hotel group. The incident could cost the company about US$577 million, according to one estimate.
That is why businesses across all industries should do all they can to protect their payment systems. But the reality is that modern point-of-sale (POS) systems, while becoming increasingly sophisticated over the years, remain an attractive attack vector for bad actors.
Numerous high-profile breaches initiated at POS terminals have made headlines in the last few years. US-based retailer Target had its POS system attacked in 2013 and subsequently lost 40 million customers’ data. Two years ago, another famous US brand, Chipotle Mexican Grill, suffered the same fate, affecting 2,250 of its restaurants.
All these attacks were targeted at endpoints with the goal of acquiring credit card information. Hackers often regard POS devices as the weakest link in an organization’s network and deploy malware specifically to siphon data out of them.
Meeting the standards
On top of focusing their efforts on fending off cybersecurity threats, companies both online and offline also need to adhere to the Payment Card Industry Data Security Standard (PCI DSS).
Initially created to control card-holder data and curb credit card fraud, the standard now requires annual or quarterly validation performed by an external Qualified Security Assessor (QSA) to ensure companies’ compliance.
PCI DSS lays out 12 main requirements for organizations that build and manage secure payment processing networks which protect card-holder data – from processing to transmission to storage – and deploy strict access control measures.
Managing PCI DSS compliance while keeping up with the latest, more sophisticated cybersecurity threats could be difficult for businesses to juggle, so it is crucial that they find a solution partner able to help ease the burden.
How Foregenix ensures compliance and security
Recently, Foregenix, one of the companies with a long history of success in PCI compliance, has been making great progress in the cybersecurity space, helping clients unlock the full value of their investment in defense measures protecting their networks and endpoints.
Having been closely involved with the PCI DSS since its inception, Foregenix understands the challenges that most organizations face in both achieving and maintaining compliance with those standards.
With a heavy focus on securing business assets that include customer data, the company offers a set of comprehensive solutions that include but are not limited to:
- Pre-compliance/gap analysis to identify and address areas of noncompliance while establishing a baseline level of security.
- Penetration testing that provides an in-depth analysis of network and application security.
- Network vulnerability scans that ensure protection from the latest threats to aid continuing PCI DSS compliance.
Beyond that, Foregenix was the world’s first assessor accredited by the PCI Security Standards Council to guide and assess payment applications against the Council’s Point-to-Point Encryption (P2PE) standards. It boasts the largest number of QSAs with substantial experience and expertise in assisting P2PE Solution Providers to secure their solutions, and the company dominated the P2PE assessment market space in 2018.
Managed detection and response
Beyond compliance, Foregenix Managed Detection and Response (MDR) services enable businesses to detect and neutralize even some of the most sophisticated cyber threats. Many security organizations depend on various tools and solutions, but without adequate management (of multiple updates, for example), numerous false positives can lead to delays in response times to genuine issues.
But the team at Foregenix responds to cyber incidents before they become news. Its Serengeti solution provides key forensic telemetry that relays detailed, near real-time information on the state of a company’s cybersecurity health. That’s augmented by the experience and skills of the Foregenix Threat Intelligence Team, capable of sniffing out multi-stage attacks that might slip past even the leading industry-standard cybersecurity solution.
The fast action is made possible by Serengeti’s “Single Pane of Glass” visibility and analytics capability, which empowers businesses to quickly explore and sweep through massive data sets to see threats. Cybersecurity concerns often weigh heavily on the minds of business leaders, though that need not be the case. Better to shift attention to growing the business and serving the customer, and let Foregenix worry about the threat environment.