It’s hard to believe that over a decade has passed since PCI DSS (Payment Card Industry Data Security Standard) was first introduced in 2004 as the information security standard for organizations that store, process or transmit cardholder data. Although it’s become a mature industry standard, two problems remain.
In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”
Late last year about 200 banks in New York took part in a cybersecurity “exam” in which they were made to respond in real time to questions about their cybersecurity policies and procedures. The test was designed to help the banks see how they compare with their peers in terms of being ready for attacks by cybergangs looking to break into their networks.