Ransomware today is a billion-dollar industry, and it has crippled entire sectors, healthcare among them. In May 2017, for instance, WannaCry brought much of the United Kingdom's National Health Service to a standstill by spreading through the EternalBlue SMB exploit. Just weeks later, the NotPetya strain used that same vulnerability (alongside harvested credentials and legitimate administration tools) to hit organizations across many industries.

These attacks and others like them were made possible by weak security controls and unpatched, outdated operating systems: Microsoft had fixed the flaw EternalBlue targets in March 2017, two months before WannaCry. Looking ahead, malicious actors will likely keep using ransomware against a wide range of industries. They will also probably target individual organizations' point-of-sale (POS) systems directly, since EMV chip cards have made scraped magnetic-stripe data far less valuable for counterfeit-card fraud.

PCI DSS to the Rescue

Fortunately, organizations can reduce their cardholder environments' exposure to ransomware and other digital threats by achieving and maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS). Maintained by the PCI Security Standards Council, PCI DSS is a set of requirements for protecting cardholder data wherever it is stored, processed or transmitted. It also shapes how liability is apportioned among merchants, card issuers and banks in the event that a merchant suffers a data breach.

Introducing PCI DSS v4.0

As of this writing, the PCI Security Standards Council expects to complete version 4.0 sometime in mid-2021. Little is currently known about the new version's content, but the Council has published some of the goals of the revised standard. These include the following:

  • The revised standard will continue to meet the security needs of the payment industry as technologies and solutions evolve.
  • PCI DSS v4.0 will add flexibility and support additional methodologies for achieving security. (Historically, the standard has been good at this: it introduced controls such as file integrity monitoring (FIM) and vulnerability management.)
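File integrity monitoring, named above as one of the controls PCI DSS brought into common practice, is also one of the simplest ways to notice a ransomware run in progress: a baseline of file hashes is taken while the system is known-good, and later scans are compared against it. The script below is an added example, not code from the original article or from any PCI SSC publication. The directory layout, file names and the "more than half the baseline touched" heuristic are all assumptions constructed so that it runs offline; a real deployment would store the baseline off-host and scan on a schedule.

```python
"""Minimal file integrity monitor (FIM): baseline a tree, then detect changes.

Added example, not code from the original article. The sample files and the
tamper scenario in demo() are constructed purely so the script runs offline.
"""
from __future__ import annotations

import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a file's contents, streamed so large files are not loaded into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str | os.PathLike) -> dict[str, str]:
    """Map every regular file under root (as a relative POSIX path) to its SHA-256.

    Symlinks are skipped so an attacker cannot point a monitored name elsewhere.
    """
    root = Path(root)
    baseline: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def diff_baselines(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Classify changes between two baselines as added, removed or modified paths."""
    old_keys, new_keys = set(old), set(new)
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "modified": sorted(k for k in old_keys & new_keys if old[k] != new[k]),
    }


def ransomware_like(changes: dict[str, list[str]], total_files: int, threshold: float = 0.5) -> bool:
    """Assumed heuristic: a ransomware sweep rewrites or replaces most files at once.

    Ordinary administration touches a handful of files per scan interval; a run
    that modifies or removes more than `threshold` of the baseline is flagged.
    """
    if total_files == 0:
        return False
    touched = len(changes["modified"]) + len(changes["removed"])
    return touched / total_files >= threshold


def demo() -> dict:
    """Baseline a constructed POS-like tree, simulate an attack, and rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pos").mkdir()
        (root / "pos" / "app.conf").write_text("mode=prod\n")
        (root / "pos" / "terminal.bin").write_bytes(b"\x7fELF" + b"\x00" * 32)
        (root / "README.txt").write_text("hello\n")
        baseline = build_baseline(root)

        # Constructed tamper scenario: config weakened, binary replaced by an
        # "encrypted" copy, ransom note dropped. README.txt is left untouched.
        (root / "pos" / "app.conf").write_text("mode=prod\nallow_unsigned=1\n")
        (root / "pos" / "terminal.bin").unlink()
        (root / "pos" / "terminal.bin.locked").write_bytes(b"\x00" * 36)
        (root / "README_DECRYPT.txt").write_text("pay\n")

        current = build_baseline(root)
        changes = diff_baselines(baseline, current)
        return {"changes": changes, "suspicious": ransomware_like(changes, len(baseline))}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline itself must be protected: if it lives on the monitored host with the same permissions as the files it covers, ransomware (or an insider) can simply regenerate it after tampering. Sign it or keep it on a separate system, and alert on scan failures as well as on diffs.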