Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
PCI DSS Case Study: Security Gaps in Policy & Practice
During a PCI Assessment for a global retailer, HALOCK discovered and helped resolve significant breakdowns in security policies and practices implemented at the stores.
A Summary of DBIR 2020 – Where the Data Breach World is Today and How to Prepare for IT
Keeping Track of PCI DSS v4.0
UPDATED AS OF JULY 2021
UPDATE: New Blog on PCI DSS 4.0
Get updates on the status of the PCI DSS review of the 2019 RFC comments, when the final version of PCI DSS is planned to be completed, timing of the next request for comments (RFC), and information about the RFC feedback they received.
HALOCK Pandemic Breaches Bulletin: Exfiltrating Remote User Accounts to Inject Ransomware
During the pandemic, HALOCK and the information security community have been responding to a significant spike in cyber security incidents.
CMMC 101: The Basics of Cybersecurity Maturity Model Certification
WHAT IS CMMC? CMMC, which stands for ‘Cybersecurity Maturity Model Certification’, is the upcoming required standard for all contractors and suppliers that work with the Department of Defense (DoD).
M&A: The Cyber Risk of Business
The impact of the COVID-19 pandemic is profound – every business has been touched, forcing many to explore how their organizations adapt to the new economy. Some industries have bigger challenges due to the nature of their business – travel and lodging, restaurants, transportation, oil and gas and more due to social distancing ordinances.
PCI DSS v4.0 Expected Mid-2021
UPDATED AS OF JULY 2021
UPDATE: New Blog on PCI DSS 4.0
Get updates on the status of the PCI DSS review of the 2019 RFC comments, when the final version of PCI DSS is planned to be completed, timing of the next RFC, and information about the RFC feedback they received. The new blog covers timing of supporting documents, transition between PCI DSS v3.2.1 and v4.0, an explanation of “future-dated requirements,” development and transition timelines for the project and more.
The PCI SSC just announced that the final version of PCI DSS v4.0 won’t be published until 2021 and won’t be required for 2 years after the publication date.
Cyber Insurance Carriers Are Insuring the Wrong Thing
By Chris Cronin
Cyber security insurance is rapidly becoming a staple for cyber security risk management. Organizations are increasingly transferring cyber security risk to insurance carriers who will cover costs that result from a cybersecurity breach.
Payment Processing in a Remote Working Environment
Organizations are facing a lot of change with remote work setups – in both physical location and operational shifts. Especially challenged are businesses that manage credit card information electronically and over the phone. These new working conditions unearth new risks for sensitive data. Social distancing can also bring about more social engineering attempts. According to the U.S. Secret Service, social engineering/phishing is a very common online attack right now.*