IT security has always been a major concern for businesses that accept online credit card payments. They hold sensitive information that malicious hackers are after: cardholder data. This is why such businesses are legally obliged to build IT systems and networks that are PCI DSS compliant.
What Is PCI DSS?
PCI DSS is a security standard developed by the PCI Security Standards Council. Designed for businesses that do online transactions and hold customers’ payment records, it helps them build and maintain secure IT systems and networks, ensuring the privacy and security of their customers’ credit-card details and cardholder data.
The set of standards defined in the PCI DSS is the minimum required level of computer systems security that must be in place when processing credit-card data. These standards apply to merchants, processors, financial institutions, service providers, and any other entity that stores, processes, or transmits credit-card and cardholder information.
Why Businesses Need to Be PCI DSS Compliant
The challenges of building and maintaining a PCI DSS–compliant network are many and depend on several factors, for example the type of software used, the network setup, and the procedures in place. If organizations that process credit-card payments and store cardholder details fail to build PCI DSS–compliant networks and computer systems, they risk being fined up to $500,000 per month, or even worse, having their trading licence revoked.
This white paper explains how using Parallels Remote Application Server (RAS) can help organizations build scalable PCI DSS–compliant networks and also save on costs and administration overheads.
A2U, an IGEL Platinum Partner, recently experienced a situation where one of its large, regional healthcare clients was hit by a cyberattack. “Essentially, malware entered the client’s network via a computer and began replicating like wildfire,” recalls A2U Vice President of Sales, Robert Hammond.
During the cyberattack, a few hundred of the hospital’s PCs were affected. Among those were 30 endpoints within the finance department that the healthcare organization deemed mission critical due to the volume of daily transactions between patients, insurance companies, and state and county agencies for services rendered. “It was very painful from a business standpoint not to be able to conduct billing and receiving, not to mention payroll,” said Hammond.
Prior to this particular incident, A2U had received demo units of the IGEL UD Pocket, a revolutionary micro thin client that can transform x86-compatible PCs and laptops into IGEL OS-powered desktops.
“We had been having a discussion with this client about re-imaging their PCs, but their primary concern was maintaining the integrity of the data that was already on the hardware,” continued Hammond. “HIPAA and other regulations meant that they needed to preserve the data and keep it secure, and we thought that the IGEL UD Pocket could be the answer to this problem. We didn’t see why it wouldn’t work, but we needed to test our theory.”
When the malware attack hit, that opportunity came sooner rather than later for A2U. “We plugged the UD Pocket into one of the affected machines and were able to bypass the local hard drive, installing the Linux-based IGEL OS on the system without impacting existing data,” said Hammond. “It was like we had created a ‘Linux bubble’ that protected the machine, yet created an environment that allowed end users to quickly return to productivity.”
Working with the hospital’s IT team, it only took a few hours for A2U to get the entire finance department back online. “They were able to start billing the very next day,” added Hammond.
Protecting your data and ensuring its availability is one of your top priorities. Like a castle in medieval times, you must always defend it and have built-in defense mechanisms. It is under attack from external and internal sources, and you do not know when or where the attack will come from. The prevalence of ransomware and the sharp increase in users working from home and on any device add further complexity and broaden the attack surface available to bad actors. So much so that your organization being hit with ransomware is almost unavoidable. While preventing attacks is important, you also need to prepare for the inevitable fallout of a ransomware incident.
Here are just a few datapoints from recent research around ransomware:
• Global ransomware damage costs are predicted to reach $20 billion (USD) by 2021
• Ransomware is expected to attack a business every 11 seconds by the end of 2021
• 75% of the world’s population (6 billion people) will be online by 2022
• Phishing scams account for 90% of attacks
• 55% of small businesses pay hackers the ransom
• Ransomware costs are predicted to be 57x higher over a span of 6 years by 2021
• New ransomware strains destroy backups, steal credentials, publicly expose victims, leak stolen data, and some even threaten the victim's customers
So how do you prepare? By making sure you’re recovery ready with a layered approach to securing your data. Two proven techniques for reducing the attack surface on your data are data isolation and air gapping. Hitachi Vantara and Commvault deliver this kind of protection with the combination of Hitachi Data Protection Suite (HDPS) and Hitachi Content Platform (HCP), which includes several layers and tools to protect and restore your data and applications from the edge of your business to the core data centers.