Empresas comienzan el 2020 preparándose para el nuevo estándar PCI DSS 4.0
febrero 13, 2020GM Sectec ha sido certificado como Investigador Forense PCI (PCI PFI) por el Consejo de Estándares de Seguridad de la Industria de Tarjetas de Pago (PCI Council)
marzo 2, 2020* By Héctor Guillermo Martínez, President of GM Security Technologies
Every year we try to visualize new vulnerability scenarios for cybersecurity corporations. Next, we share some reflections that value critical trends for the CISO for this 2020.
Mobile devices, means of attack of a corporate perimeter. Business mobility becomes a standard both in office spaces, as in the monitoring and logistics processes in manufacturing production cycles or in distribution. Therefore, both the mobile devices of the companies and those of the employees will be the target of new and more sophisticated attacks in order to access critical data of the corporations.
In 2019, half of all organizations suffered a malware infection on mobile and endpoint devices owned by the company according to the Kaspersky’s IT Security Economics report in 2019. But half of the employees’ owned devices also suffered malware attacks . Thus, if we consider that employees do not apply routines for protection and security of information on their mobile phones, this vector will be more wanted by cybercriminals to invade the perimeter of corporate information.
BYOD and «D» will be data, activate alarms. One of the great transformations that almost universal connectivity leaves us with is that, in business environments, workers operate from their own devices. The virtualization software of work environments today allows the prediction of Citrix, according to which 50% of workers will operate remotely in 2020. This is an important milestone in the operational costs of organizations, but also poses the challenge of integrating Multiple sources of applications and data repositories.
The ease of outsourcing of services and applications that the cloud implies will make the activity of attacks against third parties that provide the services (storage, CRMs, ERPs, billing, credit cards etc.) to workers and their organizations more dynamic. This new reality transfers responsibility for data security to the weakest links in the value chain: employees and consumers. It is time to strengthen defenses.
Identity theft is widespread and diversified. The developers of phishing kits will offer more refined products, which will further reduce the skill required to launch an identity theft campaign. According to the IDG Security Priority Study, 44% of companies say that raising their safety awareness and staff training priorities is a priority by 2020. Attackers will respond by improving the quality of their phishing campaigns by minimizing or hiding the common signs of phishing. Further use of the commercial email engagement (BEC) is also expected, where an attacker sends legitimate-looking phishing attempts through internal accounts or fraudulent third parties.
Artificial Intelligence, the new pandora box. Just as the application of artificial intelligence is accelerating the authorization of processes and generating new opportunities for the development of new services and digital experiences, only few know and master the management mechanisms of the algorithms that support it.
Artificial intelligence is speeding up data protection software by allowing real-time observation of changes in the data usage behavior in networks and corporate environments allowing damage control actions, when a cyber-defendant manages to hack the AI algorithm , very few experts in the corporate structure are able to identify external interference in an agile term.
Infrastructure and public services lead the strategy of cybercriminals. Infrastructure and public services are the most lagging behind in technological innovation, less traceable in order to protect them from cyber attacks. 2020 will be the year that nations will begin to seek to strengthen their monitoring and defenses before attacks in ICS environments become common.
Less plastic, more technology. Among the many areas in which digitalization has entered strongly, is that of payment methods. Technological innovation has allowed the growth of alternative forms of payment to be presented and different from plastic. This 2020 it is expected that electronic payment, in its different modalities, will become even stronger. This makes it more important to establish controls and standards (such as PCI DSS) in organizations that process, store and / or transmit cardholder data, to secure such data, in order to avoid fraud involving debit and credit payment cards. . PCI DSS (in its new version 4.0 to be launched in 2020) has been an effective way to strengthen security and improve cyber posture by following clear and manageable guidelines and methodologies.
2020 is here, and we enter a new decade full of innovation potential, the question that must be asked is: did you take the right risk to create a game change for the future of your organization?
Source – https://itnews.lat/seis-escenarios-de-cuidado-para-garantizar-la-ciberseguridad-en-2020.html