
”The ongoing lack in payment compliance is a worrying trend”


We met up with Gabriel Leperlier, Senior Manager, Security Assurance EMEA, at Verizon Business.

Not even a third of global organizations could fully meet the requirements of PCI DSS (Payment Card Industry Data Security Standard), which is a worrying development – what does this mean in concrete terms for consumers?

– The ongoing lack in payment compliance is a worrying trend. Consumers trust the brands they buy from and trust in the systems they use – lack of compliance can mean that their personal data is vulnerable to criminals. Payment data remains one of the most sought-after and lucrative targets for cybercriminals, with 9 out of 10 data breaches being financially motivated, as highlighted by the recent Verizon Business 2020 Data Breach Investigations Report (2020 DBIR). Within the retail sector alone, 99 percent of security incidents analyzed by the 2020 DBIR were focused on acquiring payment data for criminal use.

The recent coronavirus pandemic has driven consumers away from the traditional use of cash to contactless methods of payment with payment cards as well as mobile devices. This has generated more electronic payment data, and consumers trust businesses to safeguard their information. Payment security has to be seen as an ongoing business priority by all companies that handle any payment data; they have a fundamental responsibility to their customers, suppliers and consumers.

The decline in how companies have lived up to the security requirements is also worrying. Why do the numbers look like they do? What is your analysis of this issue?

– We see the same issues behind the lack of compliance across every requirement including security.

Over the past few years we have highlighted that the main reasons for this decline were the lack of sustainability of the security controls and the lack of proficiency of the available resources. Last year we also pointed out that too many companies see payment security as an add-on to other projects instead of prioritising it as a global program.

However, this year we point to the lack of leadership engagement – which is a major issue. The responsibility to plan, design, execute and support data security resides with many people, not just the CISO. Long-term development of sustainable control effectiveness lacks priority and focus. Without this long-term strategy, companies are deemed to fail.

How can we make the trend break? And what will we see if we do not get a trend break? What is the worst-case scenario?

– In order to break the trend, the answer doesn’t lie with more technology; it lies with people, priorities and processes. Data security is a process that requires long-term attention to strategic initiatives and commitment from senior management.

In addition, there are five elements that make up a high-performance data security compliance management environment:

1. Security business model (SBM): An overarching model that ties all the elements together to obtain business support for security strategy. This model defines the objectives and how core processes are structured to deliver maximum value—and supports how the organization’s models, frameworks and programs are aligned.

2. Security strategy: The security business model is then translated into a strategy. The strategy is mainly concerned with determining the careful selection and prioritization of the security and compliance approach and objectives, and ultimately guides the allocation of scarce resources. The security strategy must be aligned with a business model. It won’t define the “how to.” Today, only a small number of CISOs are successful in aligning the cybersecurity function with their organizational strategy.

3. Security operating model (SOM): The strategy is supported by the security operating model, which is concerned with the alignment of resources and processes. The operating model represents how value is created by an organization—and by whom within the organization. The operating model must be aligned with your strategy, or there will be poor execution and an uphill battle to deliver results.

4. Security frameworks: CISOs are finding it difficult to align their security frameworks with the organization’s mission. The correct selection and application of frameworks should move organizations away from being too technically focused. Frameworks provide structure. They can be thought of as the skeletal system upon which the body of a sound program can be built. Generally, frameworks are operational in nature and provide a detailed description of how to implement, create or manage a program or process. Frameworks are typically principles-based and open to continuous improvement. As a result, frameworks usually rely on subsidiary standards to “make it happen.”

5. Security programs and projects: The operating model is supported by the security program. The program delivers outcomes by managing a collection of projects, where the achievement of long-term objectives can only be realized when it’s collectively managed as a program. From a governance perspective, there are six major outcomes that the security program should work to achieve. These are: Strategic alignment; Risk management; Value delivery; Resource management; Performance management and Assurance process integration. The intent of a data security compliance management program is to design and execute a governance framework and maintain control over the program activities for extended periods of time. This provides the best possible chance to succeed in achieving the stated objectives with the available resources.
