If your organization handles credit cards, you are no doubt familiar with Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS is a set of requirements and procedures that have been established in order to strengthen security of cardholder transactions and data in order to reduce fraud. PCI DSS controls have been implemented for many years but as hackers have advanced their efforts, new requirements continue to emerge with updates to existing controls and reporting.
I’ve heard it many times from customers: “IT Security needs to be transparent to users in order to be successful.” Unfortunately, we are now in a digital age where things have dramatically changed and research has shown over and over that credential compromise is the top way that hackers breach an organization.
Hmm, I thought I remembered my password. As I tried to log into my account with a large retailer known for their athletic wear, I click the forgot password link. I enter my email address.
Even though Cyber Security Awareness month has passed, it is important to remain diligent and and stay aware to defend yourself from threats. I recently worked with CSO Magazine to put together a series of best practices that organizations and their users should follow (both in and out of the corporate network) to minimize threats and reduce risk.
While IT security education may be part of an organization’s onboarding process, many people still don’t realize that they shouldn’t open an email from an unidentified source, or even those from a friend or coworker that have uncharacteristic links or text. And inevitably they still do.
In our Part 1 Series we talked about User and Entity Behavior Analytics (UEBA) and its benefits for better detecting possible breaches and insider threats through user and entity behavior and risk scoring. Now let’s talk about the differences between traditional UEBA vs the newer UEBA solution, the Behavioral Firewall, which integrates adaptive responses to prevent threats.