Malicious Insiders Are Majority of PCI-DSS Breaches. Here’s How to Make the Most of Compliance.
July 10, 2018
Almost 60 percent of attacks within the financial services industry are carried out by insiders advertently or inadvertently, according to a 2017 report by IBM X-Force Threat Intelligence Index.
To address security weaknesses, the PCI Security Standards Council (PCI SSC) created the PCI DSS which protects cardholder data in the digital age. Vulnerabilities appear everywhere in the card-processing sphere, including point-of-sales devices, wireless hotspots, e-commerce, transmission of cardholder data to service provider, etc.
One of the requirements of PCI is to restrict physical access to cardholder data, such as:
- Using appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment
- Developing procedures to easily distinguish between onsite personnel and visitors, such as assigning ID badges
- Using a visitor log to maintain a physical audit trail of visitor information and activity, and retaining the log for at least three months
First Line of Defense
Cabinet-level security is the first line of defense for data centers’ data protection and security policies. Chatsworth Products’ (CPI) eConnect Electronic Access Control (EAC) provides a simple and effective solution for physical access control, power management and environmental monitoring.
eConnect EAC is a cost-effective networked locking solution works with CPI's eConnect Power Distribution Units (PDUs) using a single network connection and one interface to monitor all three elements, greatly simplifying rack management.
This integrated approach provides a single view and the ability to manage power at each outlet and cabinet, monitor status of environmental conditions and control each cabinet access attempt with an audit trail report that is easily exportable via a user-friendly web interface—a documentation requirement by PCI-DSS.
For more information on eConnect EAC and how it simplifies regulatory compliance, download the Regulatory Compliance Application Sheet.
Raissa Carey, Technical Writer