If your organisation is compliant with PCI DSS, chances are you’re conducting penetration tests on an annual basis. This “ticks the box” from a PCI perspective, and your QSA will have no problems marking you as compliant – but is a box-ticking penetration test really enough?
We live our lives hoping that we will never need to make claims on our insurance policies. Whether that is home, motor, life or phone, making a claim generally means something isn't how it should be. Ultimately, a policy is there to protect something of value to us, and as the world in which we live changes, the information you have and the systems you run your businesses on are valuable assets too - so is now the time to think about cyber insurance?
Outsourcing PCI DSS controls to third parties can hugely support a merchant's (or service provider's) PCI DSS compliance program and can be a great thing if you want to leverage any SAQ reduction criteria, meaning you have fewer controls to complete yourself, so lower costs and less complexity. That is always a good thing, BUT you must have a handle on service providers if you want to take this route.
We recently looked at what to do to avoid becoming a victim of ransomware. But sometimes, even if your employees are trained to the highest standard and you have the right technology installed, ransomware can still slip into the network. It's important to know what to do if you suspect you've fallen victim to a ransomware attack on both an individual and organizational level.
The 2018 RSA Conference took place in San Francisco last week, and Nettitude's Senior Consultant, Ben Rothke, traveled there to deliver a presentation on ransomware. He discussed both how not to become a victim and what enterprises should do if they do become one. Here is a recap of what Ben discussed.
The blockchain, although developed for and most commonly known as a financial instrument within cryptocurrencies, is gaining an increasing foothold as a useful technology in many industries. It is being applied to many applications and held up as a solution to some interesting problem areas.
There’s a critical date approaching in the PCI DSS calendar. Some of you may be wondering “what date could possibly be that important?”
Each year we look back at the statistics and how concerning it is that the number of cyber attacks is increasing so rapidly. 2017 saw the most attacks yet, and nobody seemed safe, from the WannaCry ransomware that brought the NHS to a grinding halt to the Equifax hack that saw an estimated 145 million customer details compromised.
Creating a strong and secure password is an important part of protecting your confidential data and networks. However, passwords have come under attack from cyber criminals trying to access your infrastructure. Many hackers will get hold of your passwords through social engineering activities, by tricking you into entering your login credentials into a false site or software. Another common way for criminals to get your passwords is through brute force, where they use tools to automatically enter the most common passwords that we are all guilty of using, in the hope that one of them works.
Topics: Cyber Security