Recently, vendors of security rating services have added attack surface analysis services to their commercial offerings. These offerings are not based on newly developed products but rather on the positioning of their existing solutions for a new use case. However, the attempt to apply such solutions to the analysis of external attack surface risks is not only wrong but also dangerous. Security rating services are simply not built for this purpose and, as a result, leave organizations with risky blind spots.
Back in 2004, the financial giants Visa, American Express, Discover Financial Services, and JCB International, together with the Security Standards Council, formed the PCI DSS (Payment Card Industry Data Security Standard). The PCI DSS is a set of security standards including 12 requirements for protecting cardholder data and maintaining a safe and secure payment ecosystem.
SSL certificates authenticate your websites or domains and are critical for ensuring proper encryption of Internet traffic and verifying servers' identity. Without these certificates, end users will have no way of knowing if the website they are currently browsing is who it claims to be.
The SolarWinds supply chain attack is one of the most sophisticated cyber attacks the world has witnessed in recent years.
We sat down with Kfir Tzukrel, CISO at Direct Finance, for a chat about the risks of Shadow IT and how to make cyber security awareness training engaging and fun.
"Truly understanding the full scope of the business and its risks is a huge challenge. It's constantly changing and you need to react quickly."