Businesses, in particular small to medium ones, often do not consider that they could be targeted by cybercrime. Unfortunately, the reality is that many small to medium businesses are now very much being targeted by cyber-criminals. The vast majority of criminals are opportunists, meaning that they will look to take advantage of any businesses that are […]
By David Morris, PCI Compliance Analyst Following on from Natasja Bolton’s article that highlighted the PCI Council June 30th deadline in relation to organisations not using Secure Sockets Layer (SSL) or early Transport Layer Security (TLS) as a security control, David Morris discusses the reasons for the requirement to migrate to a secure version of […]
By Mat Clarke, Information Security Analyst Let’s face it, putting in place the plans and procedures necessary to support a forensic breach investigation isn’t a job which is likely to end in glory (in most cases, the best outcome is that you never have to use them). Nevertheless, it should be recognised that laying the […]
In a previous article, written by Sysnet’s Paul Prior, Paul mentioned how he believed that a change was necessary in the industry. A move away from using non-compliance fees as a mechanism to drive engagement and compliance. He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not […]
By Paul Prior, Senior Vice President Client Engagement In light of the upcoming US presidential election, it occurred to me that it would be fun (and worthwhile) to reflect on a previous campaign message from a different Clinton in the context of our business. In 1992, James Carville was the campaign strategist for Bill Clinton who […]
Michael Hopewell, Managing Information Security Consultant When a breach is reported in the media, more often than not it’s the well-known large companies that make the headlines. In reality cybercriminals are more successful in attacking smaller companies. The reason for this is that smaller businesses often have fewer resources and as a result are […]
Natasja Bolton, Senior Acquirer Support, investigates We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]
by Dr. Grigorios Fragkos, VP Cybersecurity Building a Security Operations Centre (SOC) is undoubtedly the best move you can make towards protecting not only your organisation’s data, systems and services, but also any sensitive information about your clients that you handle or store. This article is a brief overview of the task of building […]
by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs It is not the first time a military term is being used by the Information Security community in order to describe an Information Assurance process. Operations Security (OPSEC) is a military term referring to the protection of different types of unclassified information which could end up […]
Logjam attack, a vulnerability that affects a number of major protocols has been discovered. The bug relates to a weakness within a cryptographic algorithm that is used in most protocols (such as HTTPS, SSH, IPsec, SMTPS, etc.) it is possible for a Man-in-The-Middle (MiTM) attacker to read and modify any data passed over the affected encrypted communication. […]
Natasja Bolton, Consulting Manager A breach is an intrusion into your computer systems or physical environment where unauthorised access, disclosure, modification, or destruction of data may have led to a compromise of cardholder data. Read more of this Fact Sheet
