Encryption is one of the foundations of keeping data secure, if a hacker can't read the information they've stolen, it's useless. Storing unencrypted cardholder data in any part of your website is asking for trouble. Hackers know what to look for and where to find it, so you need to ensure you're encrypting data.
Based on real and potential weaknesses identified in existing security protocols as well as industry guidance on algorithms, the following are some things to bear in mind when considering your business’ plans for encryption in 2018.
Malware continues to be one of the main attack vectors used by criminals to compromise user and corporate data. Using phishing or social engineering based attacks, criminals attempt to lure an unsuspecting victim into launching a malicious piece of code. It can then do anything from sit in the background as a zombie waiting for the next instruction, or something more sinister, such as lock your computer and demand payment. This is something we've seen in the recent NHS WannaCry and Petya/NotPetya ransomware breakouts (as badly orchestrated as they may both have been).
Following on from Encryption 101, this post will focus on different methods of Encryption, when they're applicable and why they are important.
Encryption is one of the foundations of keeping data secure, if a hacker can't read the information they've stolen, it's useless. Storing unencrypted cardholder data in any part of your website is asking for trouble. Hackers know what to look for and where to find it, so you need to ensure you're encrypting data.
Based on real and potential weaknesses identified in existing security protocols as well as industry guidance on algorithms, the following are some things to bear in mind when considering your business’ plans for encryption in 2018.
Malware continues to be one of the main attack vectors used by criminals to compromise user and corporate data. Using phishing or social engineering based attacks, criminals attempt to lure an unsuspecting victim into launching a malicious piece of code. It can then do anything from sit in the background as a zombie waiting for the next instruction, or something more sinister, such as lock your computer and demand payment. This is something we've seen in the recent NHS WannaCry and Petya/NotPetya ransomware breakouts (as badly orchestrated as they may both have been).
Following on from Encryption 101, this post will focus on different methods of Encryption, when they're applicable and why they are important.
