January saw another round of significant credit card data breaches, one of which was the OnePlus breach that compromised the credit card information of around 40,000 customers. The mobile phone manufacturer experienced a breach on one of its servers, and a malicious script was able to capture customer cardholder information. National Stores, an American clothing retailer, also took a hit as credit card information was compromised over a five-month period starting in July of last year. The company is now working with the FBI to assess the extent of the breach and ensure proper damage control.
News stories like these are becoming increasingly common, and companies should be wary, because attacks like these aren’t going to stop any time soon. In the age of cryptocurrency and the dark web, data theft has become one of the biggest problems security professionals have to deal with. Attacks are evolving fast—much faster than defense mechanisms can cope with, meaning if someone wants to carry out a targeted attack, chances are, they will succeed.
All these developments have made PCI DSS compliance—comprised of 12 security requirements for enforcing the security of cardholder data—more important than ever. Most businesses today—such as your own—accept credit card payments and deal with sensitive cardholder information.
Having tight security measures for storing and processing data can reduce the chance of data misuse, help you detect and respond to breaches, and keep you PCI compliant. It’s important to look beyond basic preventive security measures and strengthen your incident detection and response mechanisms as well. SIEM (security information and event management), change auditing, and file integrity monitoring all play a major role in complying with PCI DSS.
In fact, PCI DSS requires that you collect log data from the different systems across your network and ensure secure archival. Do you know why this is important? Your log data is the first place you should look if something goes wrong. If you had to carry out a forensic investigation into an incident then your log data would carry the information you need.
We will only continue to hear about more credit card breaches in the months and years to come. If you don’t want to end up as another victim reported in one of these stories, then now is a good time to assess your cybersecurity strategy and bolster your defenses.
Worried about complying with PCI DSS? Our SIEM solution Log360 can help meet requirements 10 and 11.5 of PCI DSS. Click here to schedule a free web based demo of Log360 to learn how our solution can help you with PCI DSS.