PCI DSS 4.0 Is Coming – Are You Ready?

5 years ago Paul Norris

Ransomware today is a billion-dollar industry, and it has crippled entire sectors such as healthcare. In 2017, for instance, WannaCry brought much of the United Kingdom's National Health Service to its knees using the EternalBlue exploit. Just a few weeks later, the NotPetya ransomware strain leveraged the same vulnerability to attack organizations across many industries.

These attacks and others like them were made possible by the ongoing presence of weak security controls and outdated operating systems. Looking ahead, it’s likely that malicious actors will continue to use ransomware to target a variety of industries. They’ll also probably go after individual organizations’ Point of Sale (POS) systems, as EMV chip cards have made data scraping nearly impossible.

PCI DSS to the Rescue

Fortunately, organizations can help to protect their cardholder environments against ransomware and other digital threats by achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS). Created by the PCI Security Standards Council, PCI DSS is a set of requirements that organizations can use to protect their cardholder data. It also limits card issuers’ and banks’ liability in the event that a merchant suffers a data breach.

Introducing PCI DSS v4.0

As of this writing, it’s looking like the PCI Security Standards Council will complete version 4.0 sometime in mid-2021. Little is currently known about the new version of PCI DSS. But we do know some of the goals of the revised standard. These include the following:

  • The revised standard will continue to meet the needs of the payment industry as technologies and solutions continue to change.
  • PCI DSS v4.0 will seek to add flexibility and support additional methodologies for the purpose of achieving security. (Historically, the standard has been good at this. It’s introduced methodologies like file integrity monitoring (FIM) and vulnerability management (VM) in the past.)
  • One of the primary goals of PCI DSS v4.0 will be to promote security as a continuous process so that in-scope organizations can remain compliant over time.
  • Lastly, PCI DSS v4.0 will continue to enhance validation methods and procedures that seek to help organizations with their compliance efforts.

Upon the completion of PCI DSS v4.0, there will be an extended transition period during which organizations can update to the newest version of the standard. The previous version, PCI DSS v3.2.1, will remain active for 18 months after v4.0 is completed. This will give organizations an opportunity to become familiar with the standard, its supporting documents and other changes, as well as to plan their update process. To maintain compliance, organizations will need to complete their update plans by Q1 2024, the projected time when v4.0 will take effect.

Some Challenges to Consider

This transition period could exacerbate some challenges associated with obtaining and maintaining compliance with PCI DSS. First, there is the threat of configuration drift. Organizations need to define a desired configuration state for their cardholder data environment and enforce it, so that in-scope systems do not gradually diverge from that baseline.

Second, organizations need to undergo the tedious task of demonstrating compliance to auditors. Completing an audit takes a lot of time and effort, depending on the number of assets, tests and controls. (Organizations need to have historical data to demonstrate compliance over time, after all.) Depending on their available resources and the size of their cardholder data environments, organizations might also not find it practical to audit all of their systems. Such a decision could allow certain digital threats to keep lurking on the unaudited systems.

Lastly, organizations might choose to invest in a PCI DSS compliance solution but not leverage it to strengthen their security in a meaningful way. PCI DSS requires that organizations have log management, FIM and VM capabilities in place, but all of this could prove to be costly if organizations are implementing a different solution from a different vendor for each security function. Even then, the capabilities might not advance organizations’ security beyond a “checkbox” function. Their FIM solution might alert to changes but offer no context, for instance, while their VM solution might conduct regular scans and identify weaknesses but not offer organizations guidance or hold them accountable to fix those holes.
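The two challenges above, configuration drift and FIM alerts that carry no context, come down to the same mechanic: a recorded desired state and a comparison against it. The following is an added example written for this page, not Tripwire's code and not part of the original post. It baselines a set of monitored files (SHA-256 digest, size and a text snapshot), then reports drift as a per-file finding that includes a unified diff of what changed, so an alert says which setting moved rather than only "file X changed". The file names and contents in `demo()` are constructed for the demonstration.

```python
"""File-integrity baseline and drift check that reports change context.

Added example, not Tripwire's code. All paths and file contents used in
demo() are constructed for the demonstration.
"""
import difflib
import hashlib
import json
import os
import tempfile
from typing import Dict, List


def file_digest(path: str) -> str:
    """Return the hex SHA-256 digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths: List[str]) -> Dict[str, dict]:
    """Record digest, size and a text snapshot for each monitored file.

    The snapshot is what lets a later report say *what* changed. A real FIM
    deployment would store the baseline out-of-band so an attacker who
    modifies the file cannot also rewrite the record of its expected state.
    """
    baseline: Dict[str, dict] = {}
    for p in paths:
        with open(p, "rb") as f:
            data = f.read()
        baseline[p] = {
            "sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data),
            "snapshot": data.decode("utf-8", errors="replace"),
        }
    return baseline


def check_drift(baseline: Dict[str, dict]) -> List[dict]:
    """Compare the current file system against the baseline.

    Returns one finding per drifted file: "missing" when the file is gone,
    or "modified" with a unified diff of the changed lines for context.
    Unchanged files (digest matches) produce no finding.
    """
    findings: List[dict] = []
    for p, expected in baseline.items():
        if not os.path.exists(p):
            findings.append({"path": p, "status": "missing", "diff": ""})
            continue
        if file_digest(p) == expected["sha256"]:
            continue
        with open(p, "rb") as f:
            current = f.read().decode("utf-8", errors="replace")
        diff = "".join(difflib.unified_diff(
            expected["snapshot"].splitlines(keepends=True),
            current.splitlines(keepends=True),
            fromfile="baseline", tofile="current"))
        findings.append({"path": p, "status": "modified", "diff": diff})
    return findings


def demo() -> List[dict]:
    """Constructed scenario: baseline two config files, then let them drift."""
    workdir = tempfile.mkdtemp()
    sshd_cfg = os.path.join(workdir, "sshd_config")   # constructed sample file
    audit_rules = os.path.join(workdir, "audit.rules")  # constructed sample file
    with open(sshd_cfg, "w") as f:
        f.write("PermitRootLogin no\nPasswordAuthentication no\n")
    with open(audit_rules, "w") as f:
        f.write("-w /etc/passwd -p wa -k identity\n")
    baseline = build_baseline([sshd_cfg, audit_rules])

    # Simulated drift: password logins get re-enabled and the audit rules
    # file disappears. Both are the kind of change an auditor would ask about.
    with open(sshd_cfg, "w") as f:
        f.write("PermitRootLogin no\nPasswordAuthentication yes\n")
    os.remove(audit_rules)
    return check_drift(baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the module prints two findings: the sshd file as `modified`, with a diff whose `-`/`+` lines show `PasswordAuthentication` flipping from `no` to `yes`, and the audit rules file as `missing`. The digest comparison is what makes the check cheap to run on a schedule; the snapshot diff is the context a plain "changed" alert lacks.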

How Tripwire Can Help

Tripwire can help organizations get ready for PCI DSS v4.0.

It is equipped to help organizations demonstrate compliance not only with PCI DSS but also with other major standards such as the CIS Benchmarks, ISO 27001 and many others. It does this by providing out-of-the-box audit report templates and automated compliance reporting. Tripwire connects to all assets in scope, runs the compliance tests against them and determines whether each asset passes or fails, saving organizations the time they would otherwise have spent auditing everything manually. It then produces reports that not only show compliance status but also log changes to in-scope assets.

With that visibility, organizations can stay on top of their in-scope assets, address instances of configuration drift quickly and thereby maintain compliance over time.

How Tripwire supports compliance

For more information on how Tripwire can help your organization achieve and maintain compliance with PCI DSS, click here.

The post "PCI DSS 4.0 Is Coming – Are You Ready?" appeared first on TripWire

Source:TripWire – Paul Norris
