

Carbon Black’s Commitment to PCI Compliance Highlighted As Ransomware Threats Loom Against POS Systems

PCI 3.2 From Checkbox Assessment to Security Control
December 12, 2017 / Christopher Strand

As we move further into the holiday shopping frenzy, I can’t help wondering if current predictions from Forrester Research of increased ransomware threats to POS systems in 2018 will come true. Will ransomware exploit designers get their wish this year? I certainly hope not!

However, we’ve already seen a steady stream of successful exploits this year across retail and hospitality, and many of them have been ransomware related. To combat these types of targeted attacks and increased volume, organizations that are most exposed and stressed during the holiday season must double their efforts to mount successful countermeasures.

One common element for businesses facing this increased threat is that they are usually under the scrutiny of the PCI DSS (Payment Card Industry Data Security Standard). They can all take advantage of measuring the security controls that the standard helps to enforce. Carbon Black has long been a strong advocate of the PCI DSS and the council’s efforts to eliminate security threats to payment card data across affected industries, especially during high-volume periods like the holiday season. I am often asked why Carbon Black chooses to align so closely with PCI’s data security standards, so I thought I’d answer those questions and hopefully add some clarity to our association, membership, and alignment with the PCI Security Standards Council.

“Why does Carbon Black take the additional step of being a Participating Organization (PO) with the PCI Security Standards Council?”

Carbon Black’s strategy from very early on was to recognize and advocate for groups within the cybersecurity community that helped promote and develop better data security technologies, baselines, and frameworks. The PCI Security Standards Council has been a top priority for us since its inception, and we recognized the guidance of the PCI DSS as leading in the development of best practices and data security baselines that provided critical guidance to the marketplace and many of our customers. From the moment Carbon Black created an outward compliance, regulatory, and risk strategy division, alignment with the PCI DSS has been a mandatory component in our strategy, encouraging the convergence and synergy between cybersecurity and regulatory security mandates.

“Why does Carbon Black advocate alignment with the PCI DSS as an active participant?”

Being in tune with the trends and up-to-date changes within the PCI DSS is an essential component to ensuring that Carbon Black is well positioned to provide a positive and leading influence on the security frameworks that the marketplace turns to when solving security problems and protecting their enterprise.

“What values does Carbon Black get from associating with the PCI SSC?”

One of the greatest values we experience is the close connection with our marketplace and customer core. Our association with PCI is often cited as an example of our commitment to being thought leaders within our community and serious about standing by our founding mission of creating a world safe from cyberattacks. Our association also demonstrates to our market that Carbon Black takes data security seriously and that we prioritize our solutions with the evolving threat landscape directed at endpoints in mind. We also advocate for institutions and standards that promote positive, proactive data security hygiene. By being a PO, we show our customers that we are interested in investing not only in winning their business, but in being an active and involved member of their specific cyber community.

“Carbon Black is not a merchant and not covered by PCI, so why participate so actively within the PCI community?”

The ability to get involved with an extended community that has been built on sharing solutions around a common goal is of great importance to Carbon Black. There is an element of trust within the PCI community among participating organizations, where fellow members help each other learn and overcome both cybersecurity and data security challenges. Anyone who has been to a PCI community meeting will know how collaborative and open those meetings can be. Having access and being a part of the community helps tremendously in shaping our strategy at Carbon Black, and we learn a lot from the dialog and open conversations with other POs.

“How does Carbon Black take advantage of the associated benefits of being a PO?”

Carbon Black consistently attends the global community meetings and takes advantage of the increased exposure to the PCI community. We’ve also spoken at the global PCI events on several occasions. Having advanced access to the standards and supplements that PCI publishes has been a critical part of our go-to-market in that we’ve been able to provide comments and feedback and also ensure that our solutions are in line with the newest versions of the data standards.

“Does being a PO open up opportunities for Carbon Black?”

Our industry is moving at light speed and Carbon Black is delivering a new generation of endpoint security that can help protect from data exploits and achieve compliance. Many of Carbon Black’s solutions comprise both security and regulatory compliance offerings that round out required endpoint security solutions. Being a PO has provided Carbon Black with opportunities to quickly connect to our marketplace and filter out the noise normally attributed to navigating a diverse and rapidly evolving security regulatory market. Many PO members we interact with are also associated with other industry security communities, ISACs (Information Sharing and Analysis Centers), and groups, and we have found on many occasions that our PO membership helps us reach audiences by association and through credibility. These relationships help us get to our market efficiently. We also continue to expand our strategy as it pertains to common baseline security frameworks, standards, and best practices, while aligning closely across those areas to ensure coverage with the PCI SSC, the DSS, and the PCI communities. Being a PO and having extended visibility to all facets of PCI and our industry has allowed us to remain at the top of our game within the regulatory community and ensure maximum coverage on Carbon Black’s presence across all tiers.

If you want to find out more about how Carbon Black’s solutions align with PCI and how our solutions can benefit your PCI DSS and security goals, see our website and latest content.

TAGS: Carbon Black / Holiday Attacks / pci compliance