What Is PCI DSS

Launched in 2004, the Payment Card Industry Data Security Standard is a set of security measures that enhances the security of cardholder data and combats payment fraud.

It's not a law but a contractual requirement enforced by payment card companies and banks to protect sensitive credit card information, thus fostering trust between merchants and customers.

The Evolution To PCI DSS 4.0

It is the latest iteration, emphasising continuous monitoring, enhanced data protection, and incorporating new technologies into compliance efforts.

It introduces a "Customised Approach" for compliance, allowing more flexibility in meeting security requirements based on the organisation's specific circumstances.

Goals And Key Updates

Critical Developments in PCI DSS 4.0

Introducing the 'Customised Approach' is the most significant change from PCI DSS 3.2.1 to 4.0. The new approach differs from the traditional 'Defined Approach', which requires strict compliance with the technical controls specified in the standard.

This new approach allows organisations to select the controls best suited to their environment to manage the associated risks. As a result, it offers greater adaptability and the ability to embrace innovative solutions.

In PCI DSS 4.0, organisations can use either the Defined or the Customised Approach, depending on their specific needs and circumstances.

Other notable updates include:

Implementation Timeline

The PCI Security Standards Council brought this new assessment standard into effect on March 31, 2024.

It includes a transition period for adopting the 64 new requirements, which gives organisations time to adjust to the comprehensive changes.

Understanding Deepfake Technology

In recent years, the cyber threat intelligence community has warned of the alarming increase in 'deepfake' technology. This technology allows for the creation of convincing fake audio and video. Fraudsters exploit it to target companies and individuals, posing a significant cybersecurity threat.

"Deepfakes" use AI to take existing sound and video clips to create a new recording that shows someone saying or doing anything the deepfake tool is programmed to mimic.

Common types of deepfakes include:

Unraveling The Scam

LastPass, the password manager application, has issued a warning that one of its employees fell victim to a social engineering attack involving an audio deepfake, which imitated the voice of the company's CEO.

LastPass's senior principal intelligence analyst, Mike Kosak, had this to say about the incident in a recent blog post:

"In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp."

Mike goes on to explain, "As the attempted communication was outside of normal business communication channels and due to the employee's suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team."

What is Fraud?

Fraud occurs when someone uses deception or manipulation to unfairly gain an advantage over you, often to acquire money, goods, services, or property dishonestly.

Some common types of fraud include:

Authorised Push Payment (APP), or bank transfer fraud, occurs when a scammer manipulates an individual into sending money from their bank account to the fraudsters under the impression it is for a legitimate reason. A frequent tactic includes impersonating a bank and persuading the victim that they need to move funds to a 'secure account' for safety purposes.

Identity fraud involves the unauthorised use of your personal information for deceptive purposes. Perpetrators may exploit this information to perform actions like opening new bank accounts, securing loans, or engaging in transactions under your name, potentially leading to further fraudulent activities against others.

Phishing is a cyberattack in which individuals are tricked into disclosing personal information like passwords and credit card numbers via fraudulent emails, messages, or websites. These scams mimic trustworthy sources to lure victims into clicking harmful links or sharing sensitive data, aiming to steal identities or funds.

Vulnerability to Fraud

Anyone can experience fraud, regardless of age, education, or financial status.

Fraudsters often target individuals, businesses, and organisations using tactics tailored to exploit specific vulnerabilities or situations.

While certain groups may be more frequently targeted due to perceived vulnerabilities or valuable information they possess, such as the elderly, online shoppers, or small businesses, the reality is that no one is immune to the risk of fraud.

Awareness, education, and preventive measures are vital to reducing one's risk of becoming a victim.

BDO's Insights on Fraud

The BDO FraudTrack 2024 report reveals a significant rise in UK fraud, with a total of £2.3 billion reported, doubling from 2022 and marking a decade high.

BDO attributes the significant increase in fraud to the rising prevalence of online scams, including phishing attacks and security breaches, along with the surge in authorised push payment (APP) schemes, where individuals are tricked into sending money to fraudsters.

The FraudTrack 2024 report also highlights the emerging threat of fraudsters using Artificial Intelligence (AI) to target consumers more precisely and efficiently. This advancement marks a significant shift towards more sophisticated and harder-to-detect methods of fraud, highlighting a critical need for increased awareness and advanced protective measures among consumers.

Understanding Identity and Access Management (IAM)

Identity and Access Management (IAM) is a comprehensive framework involving a blend of policies, processes, and technologies designed to manage digital identities. The main goal of IAM is to enable authorised individuals access to the resources and information suitable to their roles while preventing unauthorised access to sensitive data. This balance ensures operational efficiency, compliance with regulatory standards, and protection against data breaches.

Celebrating Identity Management Day

Initiated in 2021 by the National Cybersecurity Alliance, Identity Management Day is observed annually on the second Tuesday of April.

This significant day falls on Tuesday, the 9th of April 2024. It aims to elevate awareness among business leaders, IT professionals, and the general public regarding the crucial role of identity management. It encourages stakeholders to actively engage in practices that strengthen our digital security.

Consequences of Inadequate Identity Management

Neglecting strong identity management practices exposes individuals and organisations to significant risks. These include susceptibility to cybercrime, identity theft, and financial fraud.

The lack of effective identity management leads to data breaches within corporations and account takeovers for individuals.

Cybercrime can affect anyone possessing digital devices or online accounts, underlining the universal need for vigilant identity management.

The Big Day!

On Saturday, 30th March, we were lucky enough to witness our very own Danilo (known as Thinking Critically DND on Twitch) smash his third year of "Game On."

Game On is a 12+ hour gaming marathon packed with forfeits and challenges for every money milestone raised. It is a yearly event that raises money and awareness for Naomi House & Jacksplace. This incredible charity improves the lives of children and young people facing life-limiting and life-threatening illnesses. Some of their services include respite care, end-of-life care, bereavement support, emergency respite, and family support.

Danilo's commitment to raising money for this fantastic cause was truly admirable. Beginning at 11 am, he started playing his two chosen games: 'Alone in the Dark'—set in 1920s Louisiana and challenging players to escape a haunted mansion—and 'Helldivers'—where players need to coordinate their actions during chaotic combat to complete objectives and avoid friendly fire casualties.

There was no delay in the donations beginning to flow in; it was clear from the outset that this stream would be a highly popular one.


The First Few Hours…

Every spin on the forfeit/challenge wheel resulted from a donation of £20 or higher. Thinking Critically DND was a great sport, and he gladly dressed up in items from a box of various costumes, ate delicious spoonfuls of baby food mixed with different hot sauces, and played his games with 'upside down' glasses on. We witnessed the much-anticipated appearance of a fan-favourite challenge, where he skilfully applied various makeup products, including lipstick, eyeshadow, and blusher, that added to his look! And, of course, the "dirty shots" also made a comeback. This year's menu was a cocktail of Worcester sauce, soy sauce and fish juice. Yum!

Within 30 minutes, the first milestone, £100, had been hit. Fortunately for the audience, but unfortunately for Danilo, it was time for him to tuck into a raw onion! He made a good effort, but after a few bites, the tears started flowing! Luckily, he had more gameplay on Alone in the Dark and Helldivers to distract him.

By the time Thinking Critically DND had been streaming for 3 hours, the next milestone of £250 had been reached! This means it was time for the return of the leg wax. Even though he mentioned the sting the wax strips left a few times, he was a fan of how smooth he was after the challenge!

Discover how to protect your digital assets with advanced backup strategies, ensuring your data remains secure and recoverable.

What Is A Backup?

It is a copy of data made to keep it safe in case it gets lost or damaged. This helps protect against unexpected problems like computer crashes, security issues, natural disasters, or accidental erasing.

Backups are stored on separate media or in remote locations, providing redundancy and resilience. They offer peace of mind, allowing for data recovery and continuity of operations. Data integrity checks, regular scheduling, encryption, and verification that each backup completed successfully are vital elements.

Why Should I Back Up My Data?

Losing digital files is surprisingly common, much more than most people realise. It's easy to underestimate the fragility of digital data in our daily lives. Whether through accidental deletion, hardware failure, or even software corruption, the risk of losing precious documents, cherished photographs, or critical work projects is ever-present.

This vulnerability underscores the importance of being vigilant and proactive in protecting our digital assets. A seemingly minor oversight or a simple technical glitch can potentially erase irreplaceable memories and valuable information instantly.

Data from the World Backup Day website (worldbackupday.com) found that 21% of people do not back up their data. Additionally, 113 phones are lost or stolen every minute.

Mastering Data Protection: The 3-2-1 Strategy

The 3-2-1 strategy is a widely recognised data protection approach emphasising redundancy and resilience. It involves creating multiple copies of your data and storing them in diverse locations to ensure maximum protection against data loss. Here are the three components of the 3-2-1 backup strategy.

Three Copies of Data

The initial step of the 3-2-1 strategy involves making three versions of your data: the original and two extra copies. Having multiple copies ensures redundancy and reduces the risk of data loss in case one copy becomes inaccessible or corrupted.

Two Different Storage Media

The next step is to store copies of your data in two different types of storage media. This could include a combination of external hard drives, network-attached storage (NAS) devices, tape drives, or cloud storage. Using diverse storage media helps mitigate the risk of data loss due to hardware failures or compatibility issues.

One Offsite Backup

Finally, one of the copies should be stored offsite, preferably in a remote location or cloud backup service. This ensures that even in a localised disaster such as fire, flood, or theft, your data remains safe and accessible from a separate geographical location.

By using the 3-2-1 strategy, you can protect your data from problems like hardware breakdowns, natural disasters, cyberattacks, and mistakes. This method keeps your data safe, giving you peace of mind. It ensures your important data is secure and available when needed.
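The checks described above, as an added example that is not from the original post: a small Python script that inspects a backup inventory for the three 3-2-1 conditions and verifies that every copy still hashes the same as the primary. The inventory, file contents and the deliberately corrupted offsite copy are constructed in a temporary directory; a real deployment would read its inventory from the backup catalogue.

```python
"""Check a backup inventory against the 3-2-1 rule and verify copy integrity.

Added example, not from the original post. The inventory below is constructed
in a temporary directory purely for demonstration.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass
class BackupCopy:
    path: str       # where this copy lives
    medium: str     # e.g. "internal-ssd", "external-hdd", "cloud"
    offsite: bool   # stored at a separate geographical location?


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_321(copies: list[BackupCopy]) -> dict[str, bool]:
    """Return which of the three 3-2-1 conditions the inventory meets."""
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.medium for c in copies}) >= 2,
        "one_offsite": any(c.offsite for c in copies),
    }


def verify_integrity(copies: list[BackupCopy]) -> list[str]:
    """Return the paths of copies whose hash differs from the primary (copies[0])."""
    reference = sha256_of(copies[0].path)
    return [c.path for c in copies[1:] if sha256_of(c.path) != reference]


def demo() -> tuple[dict[str, bool], list[str]]:
    """Build a constructed inventory: primary, one good copy, one corrupted copy."""
    root = tempfile.mkdtemp()
    paths = [os.path.join(root, n) for n in ("primary.db", "ext.db", "cloud.db")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"customer-records-v1")
    with open(paths[2], "ab") as f:   # simulate silent corruption of the offsite copy
        f.write(b"\x00")
    copies = [
        BackupCopy(paths[0], "internal-ssd", offsite=False),
        BackupCopy(paths[1], "external-hdd", offsite=False),
        BackupCopy(paths[2], "cloud", offsite=True),
    ]
    return check_321(copies), verify_integrity(copies)


if __name__ == "__main__":
    status, damaged = demo()
    print("3-2-1 status:", status)
    print("copies failing integrity check:", damaged)
```

The 3-2-1 check passes for the sample inventory, yet the integrity check still flags the offsite copy, which is why the two checks are run together.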

Managed IT is a solution third-party companies provide to oversee and handle the IT needs of other organisations. It allows the client company to focus more on their core business activities rather than managing IT tasks.

Managed IT services, like ours, can cover various functions depending on the business's needs and the MSP's offerings. Typical services include the following:

  1. Remote Monitoring, Proactive Monitoring and Management of Servers and Networks: Ensuring the IT infrastructure runs smoothly, efficiently, and securely.
  2. Cyber security Services: Providing comprehensive security measures, including firewalls, antivirus software, intrusion detection, and more, to protect against threats.
  3. Data Backup and Recovery: Setting up regular data backups and recovery plans helps keep the business running smoothly, even if data is lost.
  4. Cloud Services: Offering cloud computing solutions, including hosting, cloud storage, and cloud-based applications, to increase flexibility and scalability.
  5. Software-as-a-Service (SaaS): Providing access to applications over the internet, eliminating the need for installing and maintaining software on individual devices.
  6. Help Desk Support: Offering on-demand technical support to address IT-related issues and queries.
  7. Consulting and Strategy: Assisting with IT strategy planning, including technology roadmaps, digital transformation initiatives, and IT budget planning.

Managed IT services provide cost savings, expertise, advanced technology, and improved security. They also allow businesses to focus on their core procedures without being distracted by IT issues. In today's blog, we will explore proactive monitoring in more depth.

Proactive Monitoring

As companies increasingly depend on technology, the significance of proactive monitoring has grown. This approach employs techniques and tools to identify and address potential problems before they escalate into significant issues.

By adopting preventive monitoring strategies, you can enhance the reliability and efficiency of your technology ecosystem, whether it involves managing IT systems, applications, or infrastructure.

What is Proactive Monitoring?

Proactive monitoring involves continuously surveying computer systems, applications, and infrastructure to identify and rectify potential problems before they escalate into more significant issues. Proactive application monitoring aims to detect and resolve issues before they affect end users, clients, or business processes.

Various tools and methodologies collect and examine data, including system alerts, performance metrics, and event logs. This data is used to identify trends, patterns, and anomalies that could indicate a potential problem.

By doing this, companies can decrease downtime, enhance system performance and improve. In contrast, reactive monitoring waits to identify problems until they have caused substantial issues. This can potentially lead to costly downtime, data loss, and damage t

AT&T researchers discovered a clever phishing campaign. This campaign intercepted a Microsoft Teams chat group. It then sent DarkGate malware to the systems of unsuspecting victims. While many individuals are now somewhat familiar with the mechanics of phishing attacks, using a team chat as the delivery mechanism represents a novel and unexpected method.

Once the attackers had infiltrated the Teams chat, they utilised a domain ending in .onmicrosoft.com to send phishing emails. These emails tricked users into downloading a file that appeared legitimate but was, in fact, malicious.

How The Hack Worked

Researchers found attackers used a hacked domain to send 1,000 harmful invitations to Teams group chats. During the chat, the attackers tricked the invitees into downloading a file called 'Navigating Future Changes October 2023.pdf.msi'.

Accepting this file prompted the malware download, which subsequently connected to its command-and-control server at hgfdytrywq[.]com for further instructions.

The attack was successful because users had enabled External Access in Microsoft Teams. This feature allowed the attackers, as external users, to send messages to users in other groups. Researchers have stated this as the reason for the attack's success.
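A defender-side triage of the two signals this campaign relied on, as an added example that is not from AT&T's research or the original post: it flags Teams messages from an external *.onmicrosoft.com tenant and attachments whose document-looking extension hides an installer or executable, such as the '.pdf.msi' file name above. The message records are constructed, and 'contoso.onmicrosoft.com' is a placeholder for your own tenant.

```python
"""Flag suspicious external Teams messages: lookalike tenant senders and
attachments with a deceptive double extension (e.g. '.pdf.msi').

Added example, not from the original post. Sample records are constructed;
OWN_TENANT is a placeholder for the defender's own tenant.
"""
import re

OWN_TENANT = "contoso.onmicrosoft.com"   # placeholder, replace with your tenant
EXECUTABLE_EXT = {"msi", "exe", "scr", "js", "vbs", "lnk", "hta", "bat", "cmd"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt"}

# "<name>.<document ext>.<final ext>" at the very end of the file name
DOUBLE_EXT = re.compile(r"\.(\w{1,5})\.(\w{1,4})$", re.IGNORECASE)


def deceptive_double_extension(filename: str) -> bool:
    """True when a document-looking extension hides an executable one."""
    m = DOUBLE_EXT.search(filename)
    if not m:
        return False
    inner, outer = m.group(1).lower(), m.group(2).lower()
    return inner in DOCUMENT_EXT and outer in EXECUTABLE_EXT


def external_onmicrosoft_sender(sender: str) -> bool:
    """True for a sender on an *.onmicrosoft.com tenant that is not ours."""
    domain = sender.rsplit("@", 1)[-1].lower()
    return domain.endswith(".onmicrosoft.com") and domain != OWN_TENANT


def triage(messages: list[dict]) -> list[tuple[str, list[str]]]:
    """Return (message id, reasons) for every message worth an analyst's look."""
    findings = []
    for msg in messages:
        reasons = []
        if msg.get("external") and external_onmicrosoft_sender(msg["sender"]):
            reasons.append("external onmicrosoft.com tenant")
        for name in msg.get("attachments", []):
            if deceptive_double_extension(name):
                reasons.append(f"double extension: {name}")
        if reasons:
            findings.append((msg["id"], reasons))
    return findings


# Constructed sample events; the file name in m2 is the one reported in the campaign.
SAMPLE_MESSAGES = [
    {"id": "m1", "sender": "hr@contoso.onmicrosoft.com", "external": False,
     "attachments": ["Q3 policy.pdf"]},
    {"id": "m2", "sender": "invite@sometenant.onmicrosoft.com", "external": True,
     "attachments": ["Navigating Future Changes October 2023.pdf.msi"]},
    {"id": "m3", "sender": "partner@example.org", "external": True,
     "attachments": ["contract.docx"]},
]

if __name__ == "__main__":
    for msg_id, reasons in triage(SAMPLE_MESSAGES):
        print(msg_id, "->", "; ".join(reasons))
```

Only m2 is flagged, on both signals; the legitimate external partner in m3 is left alone, which is the balance an External Access policy review should aim for.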

As we enter the digital age, it's unsurprising that the London Underground needed an upgrade for better connectivity. A rollout of high-speed mobile network coverage will be available in stations and tunnels within the London underground complex.

By spring 2024, approximately 40 stations will benefit from enhanced mobile coverage, including 4G and 5G, according to an announcement made by Transport for London (TFL).

The first stations to receive the network upgrade are Oxford Circus and Tottenham Court Road, along with the Central line between those stations. Mobile coverage will also carry a new Emergency Services Network (ESN), allowing first responders to quickly access life-saving information.

What Is Safer Internet Day?

Safer Internet Day has never been more paramount in an era when our lives are increasingly intertwined with the digital world. Celebrated globally, this day reminds us of our collective responsibility to foster a safer online environment.

It's a day dedicated to promoting safer and more responsible use of online technology, including mobile phones, especially among children and young people worldwide. As we use the internet, businesses must join the conversation and protect their online presence.

The day draws on three primary concepts to reflect on. These are as follows:

By embracing this approach, we aim to guide you towards safer, more informed online actions for yourself, your business, and your family.

The Significance of The Day

The internet plays a massive part in our lives today, making it crucial for everyone to understand how to stay safe online. This day encourages individuals, educators, and organisations to take part in creating a better internet for everyone. From cyberbullying and social networking to digital identity management, the scope of this day covers a broad spectrum of internet safety topics.

It's a call to action for everyone to play their part in creating a safer digital environment through education, discussion, and proactive measures.

The Role of Businesses in Promoting a Safer Internet

Regardless of size, businesses wield a considerable influence on the digital landscape. They are service providers and gatekeepers of vast amounts of personal data. In this context, businesses have a pivotal role in promoting internet safety. This includes implementing robust cyber security measures, ensuring data privacy, and fostering a culture of awareness and responsibility among employees and customers.

© Silver Lining Convergence Ltd
Registered Company Number: 06212357