|
For merchants affected by PCI, size matters. Based on volume of transactions, a merchant is assigned a level from 1 to 4; placement affects PCI requirements. For example, all merchants need quarterly network scans, but only Level 1 merchants must have on-site assessments. All others are on the honor system.
|
||||||||||||||||||||||||||||||||||||
GAMING THE SYSTEM
While many retailers use the PCI standard to improve their security postures, the spec has enough holes to let retailers demonstrate compliance without making significant changes to their security practices. A key issue is the number of retail locations that are physically audited by a QSA. The guidelines for Level 1 merchants require individual retail locations to be audited. This is a critical component of the standard, particularly in light of the TJX credit card theft, in which thieves first gained access to the company's systems through the weak wireless network of a single T.J. Maxx retail store.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
