AWS Users: Here's What You Need to Know About Your Security Risks
With the widespread adoption of remote work over the last year due to the COVID-19 pandemic, the need for cloud-based services dramatically increased as many businesses migrated to the cloud.
Looking to 2021 and beyond, this trend shows no signs of slowing down any time soon.
The cloud has immense benefits for business. It is efficient, cost-effective and allows companies unprecedented room to scale. However, it is an easy target for attackers. Simple mistakes and misconfigurations of cloud settings were a leading cause of data breaches in 2020, costing businesses US$3.86 million.
Organisations should take stock of the security implications of the cloud and identify any vulnerabilities in their current infrastructure.
The Rise of AWS
One of the most popular cloud-based services is Amazon Web Services (AWS). AWS is a simple pay-as-you-go cloud computing solution designed for all types of organisations.
But even with the backing of one of the world's biggest companies in Amazon, AWS still needs maintenance from its end-users to ensure complete protection.
Uptake of and conversion to AWS is growing, and with it comes a whole new language that users need to know to stay safe. AWS is responsible for managing a number of security controls, but businesses that use the AWS environment are also responsible for ensuring that their own virtual appliances and services are correctly configured so that they do not introduce vulnerabilities; AWS calls this split the shared responsibility model. To read more about the responsibilities between AWS and businesses who use AWS, have a look at AWS Artifact.
And when you are not aware of your responsibilities with AWS, it makes your business extremely vulnerable.
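As an added illustration of the customer side of that split, here is a small Python audit of the kind a team might run over its own S3 bucket settings. This is example code written for this page, not Stratica's tooling or anything from AWS; the bucket records and names are constructed, and only the field names (the S3 PublicAccessBlock settings and the bucket-policy JSON layout) follow the real AWS formats.

```python
"""Added example (not from the original article): audit constructed S3 bucket
configuration documents for the kind of misconfiguration the article refers to.

Assumptions: each record mirrors the shape returned by the real S3 APIs
(GetPublicAccessBlock -> PublicAccessBlockConfiguration, GetBucketPolicy ->
policy JSON), but the bucket data below is constructed for this example; no
AWS account or network access is used.
"""
import json

# Constructed sample: a bucket with every public-access guard switched on and a
# policy that only grants access to one named role.
GOOD_BUCKET = {
    "Name": "payments-archive-example",
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True,
        "IgnorePublicAcls": True,
        "BlockPublicPolicy": True,
        "RestrictPublicBuckets": True,
    },
    "Policy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExampleAppRole"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::payments-archive-example/*",
        }],
    }),
}

# Constructed sample: a bucket that a well-meaning operator opened to everyone.
BAD_BUCKET = {
    "Name": "marketing-assets-example",
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": False,
        "IgnorePublicAcls": False,
        "BlockPublicPolicy": False,
        "RestrictPublicBuckets": False,
    },
    "Policy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::marketing-assets-example",
                         "arn:aws:s3:::marketing-assets-example/*"],
        }],
    }),
}

PUBLIC_ACCESS_GUARDS = ("BlockPublicAcls", "IgnorePublicAcls",
                        "BlockPublicPolicy", "RestrictPublicBuckets")


def _is_public_principal(principal) -> bool:
    """True if the statement's Principal grants access to anyone at all."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def audit_bucket(bucket: dict) -> list[str]:
    """Return a list of findings for one bucket (empty list means nothing flagged)."""
    findings = []
    guards = bucket.get("PublicAccessBlockConfiguration") or {}
    for guard in PUBLIC_ACCESS_GUARDS:
        if not guards.get(guard, False):   # an absent setting counts as switched off
            findings.append(f"{bucket['Name']}: {guard} is not enabled")

    policy = json.loads(bucket.get("Policy") or '{"Statement": []}')
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # a single statement may appear un-listed
        statements = [statements]
    for stmt in statements:
        # Unconditional Allow to a wildcard principal is anonymous access.
        # Statements carrying a Condition are skipped here and need manual review.
        if (stmt.get("Effect") == "Allow"
                and _is_public_principal(stmt.get("Principal"))
                and "Condition" not in stmt):
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else actions
            findings.append(
                f"{bucket['Name']}: policy allows anonymous {', '.join(actions)}")
    return findings


def audit_all(buckets: list[dict]) -> dict[str, list[str]]:
    """Map each bucket name to its findings; clean buckets map to []."""
    return {b["Name"]: audit_bucket(b) for b in buckets}


if __name__ == "__main__":
    for name, findings in audit_all([GOOD_BUCKET, BAD_BUCKET]).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print("  -", finding)
```

Run as a script it reports the constructed "payments-archive-example" bucket as clean and lists five findings for "marketing-assets-example": the four disabled public-access guards plus the anonymous GetObject/ListBucket grant. In a real account the records would come from the S3 API calls named in the module docstring, and any policy statement with a Condition block (deliberately skipped above) should be read by hand rather than assumed safe.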
How do you ensure PCI Compliance in an AWS environment?
Stratica uses automated compliance assessment tools to help clients stay on top of their AWS environment security.
If you are using AWS and want to make sure your e-commerce site is as secure as possible or find out more about securely switching to AWS, contact me.
Lack of Security Puts Charities At Risk
A UK study shows that charities that facilitate donations through online platforms are at serious risk of falling victim to cyber-attacks.
Published by the UK Department for Digital, Culture, Media and Sport, The Cyber Security Breaches Survey found that 26% of charities experienced a cyber breach in the last twelve months.
The most common types of cyber-attacks were:
Phishing attacks, accounting for nearly 80% of breaches.
Hackers impersonating charity emails, accounting for 23% of all attacks.
Viruses, spyware or ransomware (16%).
Other less-common attacks charities saw included:
Unauthorised listening in on video conferences.
Taking over charities' accounts.
Hacking bank accounts.
A significant challenge over the last year has been the shift to working from home during the COVID-19 pandemic, which meant charity employees typically worked from their personal devices, many of which are not secure.
Why are charities at risk?
Regular donation programs and online platforms that beneficiaries can access require the storage of credit card details or other sensitive personal information.
With the risk of cybercrime so high, a breach can put the charity's ability to attract donors online at stake, and following a breach, charities only have a one in five chance of getting a customer back.
One of the more recent victims of payment security data breaches was Oxfam Australia. In this case, cybercriminals unlawfully gained access to the charity's supporter data. A similar incident occurred at the RSPCA.
It will be tough for these charities, and the countless others, who fall victim to a cyber breach to fully regain the trust of their current and future donors. So, to secure the future of your charity and those you support, prevention is the best cure.
How can charities protect themselves against a breach?
Charities rely on making it easy for donors to support them online, so they can't afford any security risk. To prevent a security breach, charities should undertake regular vulnerability scans and patching.
Reading over Stratica’s “Payment Security Checklist” is a useful guide to securing payments to your charity and protecting the generous people who support you.
For a complimentary security assessment, please get in contact with me so I can help you further understand the steps to protecting your charity from a devastating breach.
Q&A: everything organisations need to know about PCI compliance
What is PCI compliance? Why do I need it? And what does it mean for my organisation?
PCI compliance applies to:
- businesses that accept credit or debit cards for payment, even if they use a third-party vendor's hardware, software or application to do so.
- service providers that store credit/debit card data on behalf of another business.
- hosting providers or other service providers that process or transmit credit/debit card data on behalf of another business.
How to stay PCI compliant
So your organisation is PCI compliant. Well done! You have taken the first step toward fostering a secure environment for your organisation and customers.
Staying compliant is an ongoing effort. It involves:
- penetration testing
- internal and external scanning
- security awareness training
- compliance review
- risk assessment
- application security
- firewall and router configurations
- patching and patch management
- reviewing logs, alerts, and access permissions
- data integrity assessment
Customer story: CardGate on the importance of having high security standards
CardGate has been a payment service provider since 1998, and their software helps merchants process card payments online. They are a preferred supplier of the Commonwealth Bank of Australia.
Having been in business since the early stages of e-commerce, CardGate CEO Harry Ramadan has seen many things change, with the most significant development happening in the mid-2000s.
When the internet became more accessible, online shopping became more popular. And that created a perfect storm for a new generation of criminals: cybercriminals.
So while the payment card industry was experiencing record growth and looking to a prosperous future, it was in the grip of a cybercrime epidemic that could derail it all. In Harry's words, the industry "needed to get their act together."
So in 2004, the Payment Card Industry Security Standards Council (commonly shortened to PCI Council) was born. The PCI Council went about setting best-practice standards for the secure storage of credit card information online.
And PCI compliance would eventually become mandated for payment service providers. Harry was an early adopter and noticed a stark change in the competitive landscape.
"Our first PCI audit was in 2006, and at that time, a lot of our competitors didn't bother or see the need to achieve PCI compliance."
"The mandate flushed a lot of companies out of our industry."
And it was for the better. While many predicted e-commerce would become the wild west where no card was safe, PCI standards have helped e-commerce grow to unprecedented levels and change the retail landscape for good.
The importance of having the right PCI compliance partner
As the industry matured almost a decade later, Harry realised that not all PCI Qualified Security Assessors (QSAs) were created equal.
"We had worked with some companies we weren't happy with in the past."
"A lot of companies will come in, do a quick audit and give us the all-clear. We wanted someone who would work with us to maintain the highest possible security standards."
In came Stratica, and Harry soon realised the benefits of Stratica's unique approach to cybersecurity.
"They aren't just assessors and auditors. They are consultants, and help us set the highest possible standards for payment security."
"Our high-value partnerships with merchants depend on the level of attention to detail we get with Stratica."
Having worked with Stratica since 2015, Harry knows his security is in good hands.
"PCI compliance is never easy, but we can rely on Stratica for great advice."
Are you looking for a Qualified Security Assessor to help your organisation stay PCI compliant? Look no further than Stratica. For a free audit and security review, in which we will help you set the standard for payment security in your industry, get in contact with us today.