The rising number of payment security incidents and breaches has still not spurred most organizations to institute an effective plan to handle threats. Payment breaches are highly targeted and motivated attacks, prompting the payment industry regulatory body to come out with Requirement 12.10 as part of PCI Compliance standards, which effectively necessitates that organizations have an incident response mechanism. However, the challenges of payment security are unique in that they are constantly evolving and myriad factors are at play. For instance:
- Investigating a payment security incident requires in-depth knowledge and forensics expertise – both scarce commodities in the marketplace today.
- Delay in responding to attacks can be ruinous to the organization.
- The first set of actions taken after detecting an incident determines the success of any investigation; incorrect action can cause millions of dollars of damage, including loss of reputation.
While a breach is imminent given the growing threat landscape, it is important to have a proactive strategy – not merely a defensive one. An incident response plan, along with an incident detection process, enables organizations to proactively identify threats and set preventive mechanisms in motion. It is in this context that one should weigh the possibilities of evolving threat mitigation software such as PaySIRF.
Developed by SISA to help banks and organizations handle security incidents, PaySIRF is a program that assists in timely identification of any incident. By responding within 48 hours for evidence collection and analysis, SISA successfully removes the risk of evidence contamination, a problem in most organizations. Thus, PaySIRF plays an important role in effectively limiting the damage and downtime arising from a breach.
Relevance of an Incident Response Program
Beyond identifying security incidents and classifying them, organizations must have a rapid response team to investigate and evolve an action plan. In the shorter term, an incident response would entail the following tasks:
- Identifying, isolating, and containing the compromised device and limiting network access (in real-time);
- Obtaining the evidence without modifying or harming the original data;
- Checking that the acquired evidence is the same as the originally seized data based on the calculated hash value;
- Following the chain of custody for documenting evidence handling;
- And, communicating the incident to the respective entity.
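The evidence-handling tasks in the list above (acquire without modifying the original, confirm the copy by hash, document custody) can be sketched as follows. This is an added example, not SISA's or PaySIRF's code; SHA-256, the function names, and the hash-chained log format are assumptions made for illustration.

```python
import hashlib, json, pathlib, shutil, tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # assumed marker for the first custody record

def sha256_file(path, chunk=1 << 20):
    """Stream the file so a large disk image is never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:  # read-only: the original is never written to
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def custody_entry(log, actor, action, evidence_hash):
    """Append a record whose hash also covers the previous record's hash."""
    rec = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
           "action": action, "evidence_sha256": evidence_hash,
           "prev": log[-1]["entry_hash"] if log else GENESIS}
    rec["entry_hash"] = _digest(rec)
    log.append(rec)

def log_is_intact(log):
    """Recompute every link; an edited or dropped record breaks the chain."""
    prev = GENESIS
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev"] != prev or rec["entry_hash"] != _digest(body):
            return False
        prev = rec["entry_hash"]
    return True

def acquire_and_verify(source, image, log, actor):
    """Hash the original, copy it, hash the copy, and log both steps."""
    src_hash = sha256_file(source)
    custody_entry(log, actor, "hashed original", src_hash)
    shutil.copyfile(source, image)
    img_hash = sha256_file(image)
    custody_entry(log, actor, "acquired working copy", img_hash)
    return src_hash == img_hash  # True only if the copy is bit-identical

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample evidence
        src, img = pathlib.Path(d, "original.bin"), pathlib.Path(d, "copy.bin")
        src.write_bytes(b"constructed sample data\n" * 4096)
        log = []
        print(acquire_and_verify(src, img, log, "analyst-1"), log_is_intact(log))
```

Because each custody record embeds the hash of the one before it, a later change to who handled the evidence or when is detectable by re-running `log_is_intact`.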
Over time, the rapid response team has to evolve a perspective that covers the longer term, including:
- Examining the data while maintaining its integrity;
- Developing visibility into procedures and activities that happened on servers and desktops (or wherever the incident has happened);
- Mitigating security gaps and vulnerabilities;
- Focusing on a logical approach;
- And, implementing extensive reporting features.
A PCI-approved payment forensics investigator, SISA’s PaySIRF program helps banks and financial organizations to address most challenges relating to payment security. From conducting breach risk assessments to developing a proactive security incident and response program, SISA helps in the timely identification and containment of, and response to, payment security incidents. SISA’s shorter response time and forensics capability provide the required competitive edge to banks and organizations.