by Michael Hopewell, Managing Information Security Consultant. Introduction Many businesses have heard about Point to Point Encryption (P2PE). Point of Sale vendors, service providers and others often mention its benefits to businesses: P2PE can reduce risk to payment card data by rendering it unreadable, minimise the number of systems and networks in scope for […]
Compliance with the PCI DSS (Payment Card Industry Data Security Standard) is mandatory for all businesses accepting cards for payment. The Standard ensures appropriate security protocols are applied to your payment acceptance environment to protect against fraud. In its simplest form, the process of achieving compliance involves a scoping (or profiling) stage, which determines […]
Lots of Internet-connected devices are available on the market and a popular theme now is devices to create a ‘smart home’, which includes smart door locks, surveillance/security cameras and heating control systems that can be monitored and controlled when you are away from the home. This ability to remotely connect to and integrate devices […]
JUMP TO THE INFOGRAPHICS RELATED TO THIS BLOG POST >>> We see and hear many articles in the media about data breaches and talk of millions of records being stolen by faceless cybercriminals. But once this data is stolen and obtained by the individual or criminal organisation, what do they do with […]
Cybersecurity becomes even more complicated in the context of today’s threat landscape, which is not only constantly changing, but is also expanding at an increasingly fast rate. This is the most problematic element of Cybersecurity; its evolution is so fast and unpredictable while the nature of the risks involved are constantly changing. Managing security […]
The recent global ransomware attack, referred to as ‘WannaCry’, that resulted in over 45,000 attacks and infected major companies, hospitals and other government institutions, unfortunately caught many off guard. WannaCry targeted computers running Windows operating systems that had not been updated with a security update released by Microsoft in March 2017, as well as […]
By Natasja Bolton, Senior Acquirer Support QSA Steps to protect small businesses from this year’s security threats As 2017 rolls out, we continue to explore the security threats and cyber-attacks expected to feature this year. Following on from part 1 which can be read here, in part 2 we examine other risks such […]
by Dr. Grigorios Fragkos, VP Cybersecurity Back in August 2015, Sysnet discussed the complexity of what the term CyberSecurity represents, especially in the context of today’s threat landscape. This complexity is not only constantly increasing but it is also expanding at an exponential rate. The risks involved demand constant attention and very good understanding of […]
Just in the the US alone, there are approximately 28 million SMBs many of which struggle with keeping their business safe from cybercriminals, they often lack the knowledge, resources and budget to implement a suitable cybersecurity plan. Given the sheer volume of SMBs within the majority of acquiring portfolios, the security of these customers can have a large […]
by Dr. Grigorios Fragkos, VP Cybersecurity Ransomware, a malware that prevents or in some cases limits users from accessing their data has been on the rise. Last year, 2015 saw a considerable increase with Crowti (also known as CryptoWall) and FakeBSOD being the two instances that affected more than 850,000 systems between June and November. […]
by Natasja Bolton, Acquirer Support Manager On 7th December 2015 it was announced that the European Parliament, the European Council and the European Commission have agreed on the first EU-wide legislation on cybersecurity: the EU Network and Information Services (NIS) Directive. With the emerging threat of cyber-attacks, it is hoped that the NIS directive will […]
by Dr. Grigorios Fragkos, VP Cybersecurity Many articles have been written about cybersecurity, most have focused on the broad meaning of the term and in some cases have treated cybersecurity as an off-the-shelf product. The truth is that cybersecurity is more complicated than that. In this article, we will discuss some of the reasons […]
by Dr. Grigorios Fragkos, VP CyberSecurity It is strongly suggested you verify that the Web Browsers you are using have been updated to the latest version and if you have Adobe Flash Player installed in your system, make sure you have downloaded the latest version from the official URL: https://get.adobe.com/flashplayer/. In order to […]
On June 11th 2015, an updated version of OpenSSL was released. However, it was disclosed yesterday that it contained a serious certificate validation error. Luckily, the vulnerability was discovered quickly enough (two weeks ago) and once it was made public, a patch was also made available. To read more on the Open SSL Vulnerability please […]
The VENOM Vulnerability, a recently discovered critical flaw in the QEMU’s virtual Floppy Disk Controller (FDC) affects numerous virtualisation platforms and appliances such as Xen, KVM, and the native QEMU. As far as we know, to date, it does not impact VMware, Microsoft Hyper-V, and the Bochs hypervisors. The bug’s name is an acronym […]
by Anne Wood, Managing Information Security Consultant When we work with clients tackling compliance for the first time, we generally find one of two scenarios. In the first, organisations have a comprehensive suite of documents but lack in operational processes. In the second, we see a reasonable level of operational process but a lack of […]
By Jeff Montgomery, Principal Information Security Consultant On the 13th of February, the PCI Standards Security Council (SSC) released an official statement confirming the impending release of a new version of the PCI DSS and PA DSS. They also released a follow up statement on the 25th of March. What we know As the […]
