Our Thinking

The Online Team and I had a great time at the PCI Community meeting last week, set in the spectacular environs of Vancouver BC. We ate and drank, pontificated, watched ferries and seaplanes come into the harbor (my inner 8-year old self couldn’t resist and I booked a flight out on one), and had a generally spectacular time networking with old and new friends in the payment security space.  While there were far too many interesting presentations and conversations to put into one place, I had a few takeaways that I felt were worth sharing. In no particular order:

Online is proud to feature a chapter from Tribe of Hackers, written by Marcus J. Carey and Jennifer Jin. Our very own security expert Jeff Man shared many insights and stories in chapter 25 of this highly acclaimed book.

Jeffrey Man is a respected information security expert, advisor, evangelist, and co-host of the security podcast Security Weekly. He has more than 35 years of experience in all aspects of computer, network, and information security. Jeffrey has held various information security roles within the DoD as well as private sector enterprises, is a former PCI QSA, and was part of the first penetration testing red team at the NSA.

You’ve. Been. Hacked.

Three words that no business owner wants to read while opening their daily email, yet it happens more and more every year.

At Online Business Systems we have our feet in two different worlds – Digital Transformation and Cybersecurity. As you can guess, we get a lot of questions about how to plan for and incorporate a security strategy when designing and executing a digital transformation project (e.g. process automation, transforming to a paperless organization, incorporating AI, or a cloud migration.) I have read quite a few articles and blogs written on this topic recently and had a few thoughts of my own based on my experiences being on the front lines where we’ve seen security done well (and also, unfortunately, not so well.)

So, let me tell you a story.  This is a true story.  A personal story about a request I got from someone who is near and dear to me.

These kinds of requests are becoming more and more common and so I wanted to share what happened so that you can recognize it when somebody comes knocking on your door (or email) with a similar ask.  Who would suspect that a gift card could be the tool of a phishing attack?  You should.

RSA week is always a busy time of attending presentations and training sessions, exploring the [newly expanded] Expo Hall (700+ vendors), checking out what’s new in the Early Stage Expo (aka the Sandbox), catching up with old friends/colleagues/customers, and being enticed to attend way too many parties/receptions every evening.

This past year saw a continuation of established trends in cybersecurity. Breaches continue to rise, attackers are getting more sophisticated, and the market continues to be flooded with silver bullets that promise to solve all enterprise security problems in one fell swoop.  As an organization, Online works with hundreds of organizations, many in healthcare and have learned a few things. Here are five things we learned in 2018 that you and your organization should consider for moving forward:

In the spirit of Data Privacy Day, which was recognized throughout the world, we wanted to share a special mid-week post with you from our GDPR expert Privacy Consultant and Legal Counsel, Laura Sulymosi.

Two Things Every CISO Should Consider:

1. “What critical assets do you have that are worth protecting?”
2. “What happens if they’re compromised?” 

These were two questions I asked a CIO from a large Energy company when I had the chance to sit down with him recently.

Although 2019 promises a new version of the Payment Card Industry Data Security Standard (PCI DSS) the current version 3.2.1 is the de facto standard for measuring security programs for all merchants and service providers that participate in commerce using credit or debit cards.

There are twelve major requirements in the PCI DSS, and considering the complexity of the material we have chosen to dedicate individual blogs to the different requirements. The focus of these blogs will be to provide tips and pointers, help provide clarity for “what’s new” and to enhance understanding so that your organization can achieve a sustainable security posture that easily satisfies the requirements of the PCI DSS.