Ransomware gangs, through the expansion of toolset, adoption of new monetization models and use of advanced technology, are re-shaping the attack landscape – moving it away from the commodity-styled ‘spray and pray’ attacks to ones that are more targeted in scope and disruptive in impact.
SISA has been observing that the use of custom malware and genuine tools by intruders, as a defence evasion technique for lateral movement is becoming widespread, necessitating enterprises to invest in robust endpoint response solutions.
The customized approach offers flexibility to organizations that decide to use different methods to achieve security objectives of PCI DSS requirements by determining innovative controls that address evolving threats and technologies.
The newly released PCI DSS 4.0 continues to be hotly debated and discussed, since its launch on 31st March 2022. This post helps answer some of the frequently asked questions on the new standard including implementation queries, to help create awareness and guide organizations in their transition.
PCI DSS assessment under 4.0 can include both defined and customized approaches but, it must be designed in consensus with the Qualified Security Assessor (QSA). Before considering the customized approach as an option, organizations must ensure that they have robust security processes and risk management practices in place.
Threat actors have, in the recent past been exploiting misconfiguration in MFA, to get a foothold into the victim’s network – a trend SISA has been observing in forensic investigations. A commonly observed instance has been the exploitation of default MFA protocols followed by the PrintNightmare vulnerability exploit.
The newly released PCI DSS v4.0 is expansive in scope, futuristic in approach and sharper in focus that covers Risk-driven evaluation, Threat-based plan of action, evolving payment form factors and stringent controls to promote greater security for payment data while also offering a great deal of flexibility through customized validation.
With the release of PCI DSS 4.0 round the corner, there is so much anticipation about likely changes and implications. While the core requirements are expected to remain intact, the new standard will likely expand to reflect evolving changes in technology and threat landscape, while also looking to enhance validation methods and procedures.
With continuous transformation of new and existing international data protection laws, it has become quite overwhelming for organizations to stay updated with the overarching norms of collecting, using, storing, and processing of customers’ personal data.
As remote workforces become the new norm and the rush for everything-cloud intensifies, the frequency and complexity of cyber attacks is only expected to rise, making the discovery of sensitive data a fundamental requirement and a key challenge.
SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive, detective, and corrective cybersecurity solutions. Our problem-first, human-centric approach helps businesses strengthen their cybersecurity posture.
Industry recognition by CREST, CERT-In and PCI SSC serves as a testament to our skill, knowledge, and competence.
We apply the power of forensic intelligence and advanced technology to offer true security to 2,000+ customers in 40+ countries.
USA
India
APAC
Middle East
Global
Facebook
Linkedin 
Twitter
Youtube
