Ransomware gangs, through the expansion of toolset, adoption of new monetization models and use of advanced technology, are re-shaping the attack landscape – moving it away from the commodity-styled ‘spray and pray’ attacks to ones that are more targeted in scope and disruptive in impact.

SISA has been observing that the use of custom malware and genuine tools by intruders, as a defence evasion technique for lateral movement is becoming widespread, necessitating enterprises to invest in robust endpoint response solutions.

The customized approach offers flexibility to organizations that decide to use different methods to achieve security objectives of PCI DSS requirements by determining innovative controls that address evolving threats and technologies.

The newly released PCI DSS 4.0 continues to be hotly debated and discussed, since its launch on 31st March 2022. This post helps answer some of the frequently asked questions on the new standard including implementation queries, to help create awareness and guide organizations in their transition.

PCI DSS assessment under 4.0 can include both defined and customized approaches but, it must be designed in consensus with the Qualified Security Assessor (QSA). Before considering the customized approach as an option, organizations must ensure that they have robust security processes and risk management practices in place.

Threat actors have, in the recent past been exploiting misconfiguration in MFA, to get a foothold into the victim’s network – a trend SISA has been observing in forensic investigations. A commonly observed instance has been the exploitation of default MFA protocols followed by the PrintNightmare vulnerability exploit.

The newly released PCI DSS v4.0 is expansive in scope, futuristic in approach and sharper in focus that covers Risk-driven evaluation, Threat-based plan of action, evolving payment form factors and stringent controls to promote greater security for payment data while also offering a great deal of flexibility through customized validation.

With the release of PCI DSS 4.0 round the corner, there is so much anticipation about likely changes and implications. While the core requirements are expected to remain intact, the new standard will likely expand to reflect evolving changes in technology and threat landscape, while also looking to enhance validation methods and procedures.

With continuous transformation of new and existing international data protection laws, it has become quite overwhelming for organizations to stay updated with the overarching norms of collecting, using, storing, and processing of customers’ personal data.

As remote workforces become the new norm and the rush for everything-cloud intensifies, the frequency and complexity of cyber attacks is only expected to rise, making the discovery of sensitive data a fundamental requirement and a key challenge.

By allowing issuers to be the Token Service Provider (TSP), RBI has enabled an added layer of innovation and convenience to digital transactions. This helps create a fast, secure and efficient payment ecosystem.

Blog Disasters and disruptive incidents are unpredictable and have high chances of interrupting the regular flow of a business. Studies show that 93% of companies