How to Be Resilient to Data Theft
Page Integrity Manager is now PCI compliant — a strong starting point to harden your web applications.
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is fundamental for any business that accepts payment cards or processes payment card data. Many financial services organizations and e-commerce sites invest substantial time and budget to achieve PCI DSS compliance. Today’s web development teams rely on a diverse collection of third-party client-side scripts to simplify development and accelerate time to market. Many of these scripts come from smaller software vendors that haven’t invested in PCI-compliant security systems. Threat actors can exploit these third-party scripts to carry out sophisticated data skimming attacks that are difficult to detect and mitigate with traditional data security solutions.
To make passing a compliance audit meaningful, you need to ensure that your strategic website partners, like Akamai, also provide PCI-compliant solutions to harden your web application security and protect you from increasing supply chain threats.
In this blog, I’ll briefly review PCI DSS, explain how to combat the latest script-based attacks that target the web application supply chain, and make clear why having a PCI-compliant script attack mitigation solution is critical.
PCI DSS Helps Prevent Payment Card Fraud and Abuse
The PCI DSS helps merchants and banks protect cardholder data and improve trust. Established by major credit card companies like Visa, MasterCard, and American Express, the standard lays out best practices for safeguarding sensitive data, defending against cybersecurity threats, and mitigating risk. PCI DSS applies to any entity that stores, processes, or transmits cardholder data, including financial services providers and online retailers.
[Figure: PCI DSS Goals and Requirements. Source: PCI Security Standards Council, PCI DSS Quick Reference Guide]
Many online businesses invest significant time and money certifying their systems and processes for PCI compliance. Yet despite these substantial investments, many “PCI-compliant” organizations are not immune to data loss. Threat actors are continuously honing their methods, finding new ways to evade defenses and steal data. Online businesses must continuously review and update their security systems and practices to keep pace with the evolving threat landscape and maintain PCI compliance.
Your Supply Chain Security Is Only as Strong as Its Weakest Link
Script-based attacks make life easy for cybercriminals. They can attack major websites without having to penetrate well-defended enterprise networks. And by targeting the web application supply chain rather than websites directly, cybercriminals can strike thousands of online businesses in a single attack.
Not surprisingly, bad actors have carried out millions of web skimming attacks in recent years, including many large-scale attacks against major companies like British Airways, which was fined $230M for a 2018 data breach involving 380,000 credit cards.
To effectively combat script-based attacks, you need to:
- Detect anomalous script behavior in real time, as it happens
- Block malicious activity before it adversely impacts your business
- Identify vulnerable resources to prevent repeat attacks
Akamai Page Integrity Manager can help protect your online business against sophisticated script-based attacks. Specifically conceived to mitigate security threats posed by third-party, client-side scripts, the solution runs in the browser and uses machine learning to intelligently identify vulnerabilities, detect suspicious script behavior, and block malicious activity.
Page Integrity Manager can help your business improve PCI compliance and mitigate risk by keeping pace with today’s ever-evolving threat landscape.
There will be more opportunities to engage with us on this and more at Edge Live | Adapt. Sign up to see how customers are leveraging these improvements, engage in technical deep dives, and hear from our executives how Akamai is evolving for the future.
*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Gerhard Giese. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/o5DI6mS5BBo/how-to-be-resilient-to-data-theft.html