-
The creation of a new cybersecurity agency is the latest move by the Obama administration to combat the increasing threat of cyberattacks.
February 10 -
In a State of the Union address declaring that the shadow of crisis has passed, President Obama said he will veto efforts to roll back financial reforms further while he reiterated support for a bill addressing cyber threats.
January 20 -
The White House rolled out several more cybersecurity provisions on Tuesday, including a proposal to better coordinate information sharing between the government and the private sector around cyberattacks and emerging threats.
January 13 -
A new push by President Obama to tighten cybersecurity at banks and other businesses could help light a fire under some firms that have historically been slower to react in the wake of a data breach and help financial institutions dealing with a tangle of confusing state laws.
January 12
This week's White House Summit on cybersecurity at Stanford University comes at a pivotal time for payment and security professionals, who have an opportunity to cooperate to fight Internet crime.
A number of executives from the payments industry will join
It's not news to us that cybercriminals are tireless in their pursuit to hack and attack our personal information for their financial gain. We should view this as an opportunity to come together as a community across industry lines to share information to better protect merchants that are getting hammered by hackers on a daily basis.
What's at stake is apparent. Cybercrime costs the U.S. economy $100 billion per year, while the average data breach now cost organizations $3.5 million. This is an urgent issue. The time is now to increase merchant education and maintain vigilance against this persistent threat.
In addition to the cybersecurity summit, Congress is seeking to create legislation to better protect consumers, generate more avenues for information sharing and bolster law enforcement efforts.
We also know that in the months leading up to the EMV chip transition, hackers will increase their activity around card-present attacks. This summit provides the opportunity for us to discuss action plans and share information to better protect sensitive cardholder data.
We need to remain vigilant and make continuous security a priority over moment-in-time compliance.
It's disturbing to know that basic requirements of the PCI Data Security Standard, such as daily log monitoring or implementing strong passwords, are still not being implemented. The word password remains one of the most popular passwords. Moreover, it takes the average breached organization 229 days to detect an intrusion.
We must redouble our commitment to merchant education. It's why in a few weeks, the PCI Security Standards Council will launch a task force to better address small business security concerns; why we are refocusing our partnership with the acquiring community to help businesses more easily and effectively take advantage of the technologies out there that can simplify payment security; and why we'll continue to stand shoulder to shoulder with those across the ecosystem to develop the strongest standards, best practices and guidance for protecting payments now and in the future.
As we participate in the summit this week, we must view this collaboration for what it is a good first step. Data security must be an ongoing and ever changing effort. Only cooperation and constant vigilance will get us ahead of future cyberattacks.
Stephen Orfei is general manager of the PCI Security Standards Council.