Cybersecurity and Information Resilience Blog

With more information on the PCI DSS v4.0 update gradually coming to light, it appears that the long-awaited update is getting further away not closer. This means that organizations will have a generous timeframe during which transition can occur.

So down to the question:

What do we know, and what can we say for certain about PCI DSS Version 4?

While the hybrid office model is seen as a flexible solution to allow employees to efficiently perform their daily duties while keeping them safe, it also generates potential cybersecurity risks if left unmanaged. Risks in this scenario are primarily based around loss of visibility of employee activity and data, employee susceptibility to phishing attacks, and employees using shadow IT.

Research by the cybersecurity and information resilience team at BSI shows that over a third of organizations are unprepared for a cyber incident, with one in six highlighting that they have experienced a COVID-19 related data breach and cyber-attack in the past six months.

In planning a road trip across country by car, I would not want to use a map that was not updated since 1955. Roads have changed and new freeways would have been added that would not be on the 1955 map. In the same fashion, in planning changes to my environment or in planning and validating security solutions and controls, I need to have the most up to date and accurate depiction of my network. The best way to stay current is to add a step to your change control process

The European Court of Justice ruled that the EU/US  Privacy Shield data transfer mechanism is invalid.  Conor Hogan, Global Practice Director - Privacy at BSI, reviews the impact and implications of the European Court of Justice's decision on the 5000+  organizations that rely on the Privacy Shield for the transfer personal data between the EU and US and vice-versa.