To a hacker, the internet is a gold mine of information, and the trick to striking something of value is all about digging through the right piles of data. For example, it was recently revealed that approximately 1 billion email accounts were affected in the infamous Yahoo breach. Let’s say that after purchasing the stolen credentials for one of these email addresses, a hacker sifts through the inbox and finds a way to log into the holder’s other accounts. With enough digging, that hacker could eventually make his or her way to payment card information, which can then be sold on the dark web and used for fraud.
Of course, this is only one of many ways a hacker might obtain payment card data that can eventually be used for fraud. Other more direct methods include:
- Point-of-sale malware.
- POS and ATM card skimmers.
- Phishing scams.
- Insider negligence.
- Data breaches against financial institutions.
Currently, cardholder data theft is costing banks and merchants well over $16 billion. According to the Nilson Report, that amount will increase to $35 billion by 2020.
To prevent further escalation of cybercrime-related damages, financial institutions must abide by regulations such as the PCI Data Security Standard (DSS), while doing everything they can to improve their security posture in other ways. Few offerings can do both of these simultaneously, but a managed security operations center is one of them.
Breaking down PCI DSS requirements
The PCI Security Standards Council created DSS as a way to enforce minimum requirements for correct issuance, handling, safeguarding and storing of cardholder data. Many of these standards are best practices that organizations should already be doing. Nevertheless, they’re steps that many financial institutions either struggle with or accidentally overlook.
Recently, Arctic Wolf Networks’ director of product marketing, Sridhar Karnam, hosted a webinar distilling the requirements of PCI DSS into a 12-item checklist that included the following:
- Install/maintain a firewall and its configuration.
- Change default passwords and update them regularly.
- Guard cardholder PII with EMV technology.
- Properly encrypt card data transmissions over public networks.
- Use an up-to-date antivirus tool.
- Develop secure applications.
- Restrict/limit cardholder data to as few authorized employees as possible.
- Create unique login IDs for those with access.
- Restrict physical access to payment card data.
- Track/monitor network access to network resources and payment data.
- Test security systems and processes on a regular basis.
- Establish and maintain an information security policy for all personnel.
Understanding the overlap between SOC and PCI DSS
What ultimately makes Karnam’s webinar so helpful is that it underscores the areas of overlap between PCI DSS requirements and what SOC-as-a-Service provides for customers. In broad strokes, the purpose of SOC-as-a-Service is to detect potential threats to data in real time. Additional benefits include regular vulnerability assessments, reports that summarize threat intelligence and the ability to consult a dedicated team of security engineers.
By default, these engineers will provide recommendations to ensure that many of the requirements outlined above are met. But beyond that, a SOC-as-a-Service provider tailors its offering to clients in order to ensure their unique needs are met. This entails building out and executing the best possible threat detection and response strategy that factors in PCI DSS and other types of regulatory compliance without obscuring the client’s visibility of their own security posture.
To learn more about how a CyberSOC makes this possible, click here to view the full webinar.