Organizations across all industry sectors understand the importance of information security. But turning security awareness into meaningful action - that's the challenge that many midsized entities face, says Sophos' Nick Bray.
As Congressional leaders look for answers about why U.S. card security is failing, there hasn't been enough discussion surround why EMV can't easily fix our system. And the card brands have been conspicuously absent from the debate.
Although skimming attacks are still the greatest ATM fraud concern, experts warn that a new malware strain that targeted ATMs in Mexico may signal a shift and raises questions about software and operating system vulnerabilities.
Version 3.0 of the Payment Card Industry Data Security Standard, to be released later this year, will include a focus on the standardization of compliance assessments, says Bob Russo of the PCI Security Standards Council.
Two new insider fraud cases showcase the challenges organizations face to detect and prevent crimes by trusted employees. "You need IT controls, but you need more than IT," says researcher Randy Trzeciak.
Regions Bank is the eighth U.S. financial institution apparently targeted by a DDoS attack believed to be waged by the hacktivist group Izz ad-Din al-Qassam. Experts say banks should brace for more attacks on the way.
Organizations must carefully consider patch management in the context of overall IT security because it's so important to achieving sound security. Read about NIST's recommendations on how best to implement patch management.
More malware attacks fueled by Citadel and Reveton are getting attention from federal authorities, which say banking institutions and consumers should be on high alert. What can institutions do to mitigate emerging malware risks?