The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.
New data security standards mark a big step forward for the financial industry
Changes to the Payment Card Industry Data Security Standard (PCI DSS) will transform the IT infrastructure of financial institutions and fintechs. The new standard known as PCI DSS 4.0 will affect identity and access management, key and certificate management, and the technologies used to filter email, detect malware, enable multi-factor authentication, and a whole host of other technologies.
The current standard, PCI DSS v3.2.1, will serve as a baseline for adopting PCI DSS 4.0. Once the current standard is met, organizations should perform a gap assessment as soon as possible to gauge the lift required to meet the new standard by the time it goes into effect next spring.
PCI DSS 4.0 will have enterprise-wide implications. To learn more about the standard and start getting your game plan together, InformationWeek has the full rundown.
Post-quantum algorithm shows vulnerability to side-channel attacks
Last year, NIST announced that it had selected four quantum-resistant algorithms on which to base future cryptography standards and guard against quantum attacks. But this week, Swedish researchers found a way to crack one of those algorithms.
The CRYSTALS-Kyber algorithm, which NIST intends to use for general encryption purposes, may be vulnerable to side-channel attacks. Side-channel attacks extract secrets from the signals a system emits while it runs (timing, power draw, and the like) rather than by attacking the algorithm directly.
Post-quantum standards are a work in progress, and NIST interprets this finding as a learning opportunity to continue shoring up the encryption scheme. To read more about how these algorithms are progressing, go behind the scenes with SC Magazine.
Zero trust can position security as an innovation-enabler
When designing user and customer experiences, security can’t be an afterthought. Implementing zero trust effectively allows organizations to bake security into their innovation processes to create a customer experience that is both seamless and secure.
Studies show that consumers are becoming more attuned to data and privacy concerns, while CEOs and boards are looking to zero trust to protect revenue streams. This creates a unique opportunity for CISOs to help scale security and maximize trust among their organizations’ customer base.
Cybersecurity has evolved to play a more prominent role in the broader business strategy. To see how, VentureBeat talked to experts from Forrester, Crowdstrike, and others leading the charge.
Attackers develop new tactics for bypassing multi-factor authentication
LastPass and Reddit are two of the latest victims of a new generation of attacks focused on thwarting the protection provided by multi-factor authentication. Three types of attacks have emerged: MFA flooding (which targets the user), proxy attacks (which target the network), and session hijacking (which targets the browser).
Phishing-resistant MFA tools like hardware keys and biometric validation may be the answer, but the logistics of implementing these measures can be a challenge and may even open up new inroads for attackers.
MFA still stands as a pillar of good digital hygiene. DarkReading can show you how to spot these new types of attacks.
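The first of the three attack types above, MFA flooding, has a simple detection signature from the defender's side: a single user receives many push prompts in a short window, and the alert is most urgent when one of those prompts is finally approved. The following Python is an added example (not code from the original digest or from DarkReading) that runs that check over a few constructed authentication log lines; the log format, the user names, and the threshold and window values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log lines (not from the original page).
# Assumed format: ISO timestamp, user, event, result.
SAMPLE_LOG = """\
2023-03-01T09:00:00 alice mfa_push sent
2023-03-01T09:00:20 alice mfa_push sent
2023-03-01T09:00:45 alice mfa_push sent
2023-03-01T09:01:05 alice mfa_push sent
2023-03-01T09:01:30 alice mfa_push sent
2023-03-01T09:01:50 alice mfa_push approved
2023-03-01T09:05:00 bob mfa_push sent
2023-03-01T09:05:10 bob mfa_push approved
2023-03-01T10:00:00 carol mfa_push sent
2023-03-01T10:00:30 carol mfa_push denied
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, user, event, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, result = line.split()
        events.append((datetime.fromisoformat(ts), user, event, result))
    return events


def detect_mfa_flooding(events, threshold=4, window=timedelta(minutes=2)):
    """Flag users who receive at least `threshold` push prompts within `window`.

    Returns {user: {"prompts": n, "approved_after_burst": bool}}. The
    approved_after_burst flag marks the case a SOC cares about most: the
    user eventually tapped "approve" while the burst was still in progress.
    """
    recent = defaultdict(deque)  # per-user sliding window of prompt timestamps
    alerts = {}
    for ts, user, event, result in events:
        if event != "mfa_push":
            continue
        q = recent[user]
        if result == "sent":
            q.append(ts)
            # Drop prompts that fell out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts[user] = {"prompts": len(q), "approved_after_burst": False}
        elif result == "approved" and user in alerts:
            # Approval inside the window of an already-flagged burst.
            if q and ts - q[0] <= window:
                alerts[user]["approved_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for user, info in detect_mfa_flooding(parse_log(SAMPLE_LOG)).items():
        print(f"{user}: {info['prompts']} prompts, approved after burst: {info['approved_after_burst']}")
```

On the constructed log, only alice trips the rule: five prompts in under two minutes, followed by an approval inside that window. bob and carol each receive a single prompt and are not flagged. In production the threshold and window should be tuned against the identity provider's real prompt volume, and the "approved after burst" case is the one worth paging on, since it indicates the flood succeeded rather than merely being attempted.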
Digital identity strategies must encompass both machine and user identities
Within the past year, 84% of organizations experienced some form of breach involving a compromised employee identity. With an attack surface expanded by cloud infrastructures and remote workers, organizations will have to protect digital identities to make good on their digital transformation initiatives.
Zero trust is poised to replace the traditional perimeter-centric security model, and digital certificates are being used to enhance email security. The challenge now is smoothing out the user experience so users don’t have to resort to bad hygiene in order to work productively.
As attacks continue to target users and disrupt the software supply chain, organizations should consider digital identity a top priority. Infosecurity Magazine can help you get started.