One Article Review

Home - The article:
Source AlienVault Lab Blog
Identifier 7390145
Publication date 2022-10-11 10:00:00 (viewed: 2022-10-11 10:06:50)
Title PCI DSS v4.0
Text 2022 is the year that much of the world managed, to varying degrees of success, to get back to normal. People ramped up traveling, returned to in-person activities and many returned to the office. The pandemic changed most aspects of day-to-day life, but hackers and other bad actors generally continued making life difficult for businesses, governments, and non-profit entities. As a result, there have been some innovative new ways to target networks and IT infrastructures that keep CISOs and their teams up at night. A sample of these concerning threat vectors includes Ransomware as a Service, attacks targeting IoT/OT infrastructure, and general supply chain attacks. Tried and true methods, like phishing and targeting unpatched or outdated systems to find vulnerabilities, also continued. Data shows that threats are increasing in volume and impact across every industry and government agency. The Cybersecurity and Infrastructure Security Agency (CISA) recently reported that 14 critical US sectors have been subject to intense ransomware attacks, and the FBI identified over 2,000 ransomware attacks between January and July of 2022. (source) CheckPoint estimates that 1 out of 40 organizations will be hit by a ransomware attack and that 84% of those see some amount of data exfiltration. IBM appraises the average cost of a data breach at $4.3M, and the recovery time from such attacks is approximately 22 days. And with all of that said, the World Economic Forum still attributes 95% of all data breaches to human error. The cybersecurity industry is fighting back. The PCI Security Standards Council (PCI SSC) sorted through over 6,000 pieces of feedback from over 200 organizations to help it create the new standard, aimed at significantly reducing the success of these types of attacks in the future. On May 31, 2022, the PCI SSC released version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS).
This provides an accepted baseline of technical and operational requirements designed to protect various types of user account data. The updated standard and the Summary of Changes document are available now on the PCI SSC website. Version 4.0 is a significant update to the standard, so, to enable organizations to understand the new requirements and to plan, execute and test updates, the current version 3.2.1 remains active through March 31, 2024. Assessors are undergoing training and certification for the new standard now, and once certified, they will be able to assess against either the current or the new standard, based upon the plans of the organization. The new standard had many expected updates based upon evolving payment card industry security needs. There are also changes to the frequency of expected effort, shifting from specific durations between work to the idea that security is a continuous process. The stated goals for PCI DSS v4.0 are as follows: Continue to Meet the Security Needs of the Payment Industry; Promote Security as a Continuous Process; Add Flexibility for Different Meth
Notes
Sent Yes
Tags Ransomware Data Breach Tool Vulnerability Threat Guideline
The article does not appear to have been picked up after its publication.

The article does not appear to have been picked up from a previous one.