July 8, 2020 •
There is a fine line being walked in the merchant acquiring and payments space. As both the primary players and the smaller providers know, merchants’ security threat landscape continues to shift and expand at a rapid pace. Guiding merchants down the path of implementing security protocols to protect the merchant, and mitigating breach risk for the processor, can be challenging. We see acquirers meeting this challenge through what I call a “scalpel approach.”
Payment Security • PCI Compliance • Risk Management
May 17, 2020 •
It struck me recently that there are interesting parallels for a business trying to deal with all the shots coming out of COVID-19, both early on and over time. They were fast and furious at the beginning; I am sure we all agree. But what does the small business threat landscape look like now?
Coronavirus • Information Security
May 13, 2020 •
Individuals in the security industry often comment that the foundation of any company’s security program is its policy and procedures. I am not saying they are incorrect; however, I do not believe they see the big picture. Policy and procedures look to address risk, but they do not define it. Therefore, the foundation of any security program is formed by the activities around risk identification.
May 1, 2020 •
We can learn a lot from the same protective measures that are working to defeat this insidious coronavirus enemy. The parallels are striking between the social and professional measures that are swiftly becoming business-as-usual, and the security measures that should have been business-as-usual all along. Now may be the perfect time to remind ourselves of a few.
Coronavirus • Endpoint Security
April 1, 2020 •
What happens in social distancing situations like the one we are in now, when security assessments such as PCI, HIPAA, risk analysis, and many more require an onsite visit to your in-scope locations? Events such as COVID-19 create a need to become more agile in order to maintain business as usual while shifting the paradigm of working in person.
Compliance • Coronavirus • Security Assessments
March 25, 2020 •
Today’s news cycle is all about the impact that coronavirus/COVID-19 has been having within the world’s economy and health and welfare of most all individuals. I am sure you are prepared to handle the loss of a server or recover lost data, but what about your staff? Does your business continuity planning include the loss of people as part of your operational resources? If not, it should!
Coronavirus • Risk Management
March 23, 2020 •
While quantum capabilities are still a few years out, it’s important to be thinking about their future impacts to our crypto systems today. How will we prepare and upfit our systems to meet the challenge of tomorrow’s adversaries? There are four important things we need to be thinking about when building crypto-agility into our applications and systems for the coming quantum era.
Encryption • PCI Compliance
March 18, 2020 •
With an immense amount of FUD (fear, uncertainty, doubt) circulating regarding coronavirus/COVID-19, cybercriminals are playing on those emotions and have already begun to alter their attack methods, patterns and content. We have received multiple reports from our customers, along with threat identification in our SOC, of attackers using coronavirus-related messaging in their phishing attempts for email compromise and malware/ransomware infection.
Coronavirus • Security Awareness
March 12, 2020 •
After leaving the March 2-5 conference, I ate lunch at an open seating restaurant at the airport. Over lunch I educated two people on the latest Intelligence on credit card security and fraud, armed with new stats and insights I’d picked up at the MAC Level Up conference. This was proof positive that MAC delivers as it relates to educational content and relevance. In this post, I will share my biggest takeaways from the conference.
March 10, 2020 •
The more we think about data privacy, the more we realize how complex it truly is. From both the technical and the legal side, there are new capabilities that are exciting and offer an incredible capacity for use cases we haven’t even considered. Some of the topics discussed at the RSA 2020 Conference that are worthy of consideration focus on these new and emerging services, and how they must be viewed through the lens of personal privacy.
Encryption • Privacy
March 9, 2020 •
A ransomware variant, DoppelPaymer is showing some interesting new features that have morphed it into what we call “extortionware.” It is infecting systems and performing not only data encryption for ransom, but also exfiltrating data back to the attackers to be potentially released to the public if payment for the ransom is not made.
Active Monitoring • Ransomware
March 3, 2020 •
In my daily scan of the security news headlines, I’ve been noticing that more and more frequently, companies hit by ransomware are paying up. A more recent example is the City of Cartersville, Georgia, which paid a whopping $380K to its attackers. But it doesn’t have to be this way! Read on for 3 ways to avoid a ransomware lock down.
MDR • Ransomware
February 17, 2020 •
Lately, there has been a wave of cyberattacks specifically targeting the petroleum industry. This is due to a handful of recent successes by the attackers with some very large and well-known brands. Given the success that the attackers had in those environments, they are moving on to other similar and potential targets within the industry and attempting to find additional value to compromise. In this post, I’ll share specifics about how the petroleum industry is being targeted and ways you can protect your network from a potential compromise.
Active Monitoring • MDR • Network Security • Point of Sale
January 30, 2020 •
It’s 2020, and that means the deadline for the Visa and Mastercard EMV liability shift for the petroleum market is now imminent. But before you say, “Well, I’ve heard that one before,” and go about your business as a fuel retailer, it’s important to understand that this deadline appears to be sticking.
January 20, 2020 •
While many associate Georgia with innovation and expansion in the payments space—more than 70% of America’s payment transactions are processed by companies in Atlanta and around Georgia—the Georgia information security landscape is also a boon for the state’s economy. In its new industry report, “2020 State of Georgia’s Information Security and Cybersecurity Ecosystem,” the Technology Association of Georgia (TAG) lists more than 75 InfoSec products and services companies that call Georgia home. Together, these companies and others like them generate over $1.4 billion in annual revenue and employ more than 6,700 network and computer system engineers alone.