Recently, more and more news has surfaced about millions of consumers becoming affected by data breaches. Most of these data breaches involve a company’s point of sale (POS) machine. The main objective for hackers, when attempting to hack a company’s POS machines, is to steal the 16-digit card number from your credit card. Obtaining credit card information from big companies can be extremely lucrative for hackers, as on the black market, credit cards can sell for up to £100 per number.
Encryption is one of the foundations of keeping data secure, if a hacker can't read the information they've stolen, it's useless. Storing unencrypted cardholder data in any part of your website is asking for trouble. Hackers know what to look for and where to find it, so you need to ensure you're encrypting data.
Based on real and potential weaknesses identified in existing security protocols as well as industry guidance on algorithms, the following are some things to bear in mind when considering your business’ plans for encryption in 2018.
Malware continues to be one of the main attack vectors used by criminals to compromise user and corporate data. Using phishing or social engineering based attacks, criminals attempt to lure an unsuspecting victim into launching a malicious piece of code. It can then do anything from sit in the background as a zombie waiting for the next instruction, or something more sinister, such as lock your computer and demand payment. This is something we've seen in the recent NHS WannaCry and Petya/NotPetya ransomware breakouts (as badly orchestrated as they may both have been).
Following on from Encryption 101, this post will focus on different methods of Encryption, when they're applicable and why they are important.
Recently, more and more news has surfaced about millions of consumers becoming affected by data breaches. Most of these data breaches involve a company’s point of sale (POS) machine. The main objective for hackers, when attempting to hack a company’s POS machines, is to steal the 16-digit card number from your credit card. Obtaining credit card information from big companies can be extremely lucrative for hackers, as on the black market, credit cards can sell for up to £100 per number.
Encryption is one of the foundations of keeping data secure, if a hacker can't read the information they've stolen, it's useless. Storing unencrypted cardholder data in any part of your website is asking for trouble. Hackers know what to look for and where to find it, so you need to ensure you're encrypting data.
Based on real and potential weaknesses identified in existing security protocols as well as industry guidance on algorithms, the following are some things to bear in mind when considering your business’ plans for encryption in 2018.
Malware continues to be one of the main attack vectors used by criminals to compromise user and corporate data. Using phishing or social engineering based attacks, criminals attempt to lure an unsuspecting victim into launching a malicious piece of code. It can then do anything from sit in the background as a zombie waiting for the next instruction, or something more sinister, such as lock your computer and demand payment. This is something we've seen in the recent NHS WannaCry and Petya/NotPetya ransomware breakouts (as badly orchestrated as they may both have been).
Following on from Encryption 101, this post will focus on different methods of Encryption, when they're applicable and why they are important.
