
Showing posts from May, 2017

PCI Compliance Forms the Basis for Total Cyber Security

Ensuring PCI DSS (Payment Card Industry Data Security Standard) compliance should not be a break-fix move. Every organisation that has to ensure PCI compliance must have processes in place to ensure continuous compliance. In reality, it has been found otherwise. Organisations seem to be setting up the measures only for the purpose of the audit. There are many reasons, including the high cost of maintaining the needed best practices. However, organisations must wake up and understand the value and benefits of continuous PCI compliance. Some organisations start abiding by the compliance rules only after they suffer a breach or compromise of data that leads to significant data loss, financial damages, and litigation. Such litigation has led to the loss and closure of organisations. Audits conducted after the compromise revealed that organisations that had earlier passed the audit were also not PCI compliant at the time of the breach. Even if o...

Easier PCI DSS and GDPR Compliance Through Cloud Computing

The financial services industry can benefit immensely from adopting cloud technology. Other industries have already gained considerable benefits out of cloud technology, which has served as a boost to faster. To embrace cloud computing, the financial services industry must comply with EU General Data Protection Regulation (GDPR) rulings and the PCI DSS (Payment Card Industry Data Security Standard). This is considered quite a difficult task, which has put many in the financial services industry off embracing cloud computing. Cloud computing offers immense benefits including flexibility, better efficiency, and value. Flexibility enables users to scale services, customise programs/applications, and access cloud services through the internet from anywhere. Cloud computing drastically reduces the cost of infrastructure, which by itself is a major advantage. The threat to data security, migration cost, and stringent regulations have been the dampener till now. Ho...

WannaCry happened due to slow patching

The fact about security updates is that organizations will always lag behind in updating their infrastructure when patches are released. Even so, too many organizations are taking too long to test and schedule, and they're paying the price. Now WannaCry has created havoc across the world, locking thousands of systems and literally holding up their operations. Organizations from hospitals to telecommunications, auditing, and manufacturing have all had their computers locked by WannaCry. This ransomware is made in a way that spreads in your network using the flaw in the Windows Server Message Block protocol, which was last patched by Microsoft in March 2017. EternalBlue, which was dumped by the Shadow Brokers group, uses this to exploit the flaw in Windows as part of hacking. Microsoft had last released the patch for Windows 10, but left the earlier Windows Server 2003 at risk. After "WannaCry", Microsoft released updates for all the versions. Windows Server...

Hacking Group Claims NSA targeting Windows users

Time to set up your computer with Backoff malware. The Shadow Brokers, an internet hacking group, came out with huge details that they claim are NSA hacking tools. They further said how the NSA is targeting online Windows machines. Compared to other CIA breaches, this will prove to be nasty for users across the world. Here are a few things you need to keep in mind to know how to protect yourself. The tools are dated 2013; as such, security experts are of the opinion that Windows 10 is safe from these tools. So anything before Windows 10 may have been affected. There are several “zero day” exploits among these tools, and they may go unrepaired or undetected. What’s more worrying is that the tools come with instructions on how to implement them. This also includes a toolkit called “FUZZBUNCH” that breaches the Windows operating system. This makes it possible to trick even the most experienced hacker as they end up running the tool on their system. It may even...

Digital Wallets pave way for Digital Criminals

Everyone loves digital wallets. They've made our lives more convenient. We are no longer required to wait in queues to buy something. Just a click on your smartphone, tablet or computer, and whatever you need will be delivered to you without any delay. Just like that! This is the brighter side of using digital wallets. So is there a darker side too? Yes, there is. And it takes the form of digital criminals who are looking for every opportunity to snatch away your digital wallet from you. In other words, the conveniences offered by your digital wallet can, at times, be overshadowed by the security risks they pose. This is especially true if a robust security infrastructure is not in place to secure the transactions you make via your digital wallet.

What Improves Your Digital Wallet's Security?

1. PCI Compliance: The Payment Card Industry Data Security Standard (PCI DSS) plays a major role in regulating how your credit or debit cards are handled online. S...

Enterprises Will Continue To Encounter Cyber Attacks

There is going to be no end to cyber attacks, ever. Until computers die, of course. And will they ever die? Cyber criminals, a.k.a. hackers, will target enterprises, businesses, and individuals with malware so as to access and gain control of the system and data, hold the systems/devices to ransom, steal private information, compromise IT communication, and sell the stolen information. Though the primary intent in many cases is financial gain, hackers also do it for recognition, personal satisfaction, or for a grievance or cause. Enterprises are targeted more frequently, as the gain is substantially more than from breaching user accounts and data. Enterprises can't sit idle without taking adequate security measures for endpoint protection. But the question is, "What is adequate security?" Many businesses are still using traditional malware and threat prevention tools. And when they face a new threat or become wary of a new threat they get an add-on detection softwa...

Optimizely is PCI Compliant

Optimizely is known to lead in experimentation platforms. With great scientific invention happening through a number of experiments and trial runs behind the scenes, Optimizely has taken the lead in showcasing its experimentation platform, Optimizely X, to enable marketing teams, development teams and product teams to build better business solutions and provide better client experiences through our experimentation platform. This helps to understand how customers would benefit from business solutions built through our experimentation platform, giving them an absolute digital experience. Having said that, Optimizely X now meets the security standards of being PCI compliant while processing online payments. Customers can exploit the experimentation platform, Optimizely X, throughout the purchase funnel, right from the landing page. Customers can now experiment with Optimizely X everywhere in the purchase funnel on their PCI-compliant website, from the initial landing pag...