Businesses need to act urgently to ensure their data is protected, to prevent an increasing cyber crime threat and to stay compliant with regulations, according to a cloud-based secure payments firm.
In an opinion article on PaymentsSource, chief commercial officer at PCI Pal James Barham said the General Data Protection Regulation – set to come into force in May 2018 – will mark “the beginning of much further reaching conversations about the introduction of a global privacy standard”.
He added that the payment card industry (PCI) cardholder data environment (CDE) will face an increased risk of attack. Mr Barham said the CDE is a “prime target” for hackers, with almost all data breaches in the retail sector involving some compromise occurring in the CDE. PCI Pal therefore expects this to be a trend that will only increase.
Mr Barham said that despite businesses investing in security and compliance, “there are no signs that high-profile hacks are slowing down”. He pointed to research carried out by Verizon, which found that the likelihood of an attack is increasing. The company revealed that there had been a 50 per cent increase in attacks year on year, meaning that businesses should maintain their focus on security.
He explained that an increase in ransomware-as-a-service (RaaS) will allow even non-technical hackers to target poorly secured companies and consumers. It means that businesses will have to increase their protections if they don’t want to fall foul of these attackers.
However, according to Mr Barham, the majority of security investment to date “has focused firmly on keeping the bad guys out”, which only “works to a certain extent”. He said: “This is because there is much greater impetus for the hackers to devise new methodologies to gain access and the security industry at large is only ever playing catch-up.”
This is why his firm expects to see a shift in the mentality of data protection this year, from trying to keep people out to ensuring “there is no data for them to take” if they do gain access. Mr Barham said that if businesses can remove valuable data from their environments, it will not matter if there is a breach.