So... Let's take a look at the top events and trends that helped shape the year from a PCI perspective:
- Malware - Malware continues to get more and more sophisticated. With free A/V scanning services available online, the bad guys can test their new malware to make sure it's undetectable before deploying it. It's a never-ending cycle. Worse yet, some of the more nefarious trojans use the victim's banking credentials to suck the account dry while displaying an untouched account on the screen to avert suspicion.
- PDFs - These files have increasingly become a hacker target due to their widespread use and people's willingness to open them. Also, the advent of mobile computing sometimes brings us document processing on the back end, and the associated pitfalls.
- Merrick Bank vs. Savvis - I've opined on this before... Merrick vs. Savvis will be interesting to watch play out. I'm not a lawyer, but David Navetta is, and I found the following articles of his insightful (first and second). Do you think a QSAC should be legally liable in the event of a breach? Why or why not...? Hint: (a) the assessment is at a snapshot in time, (b) the assessment is only against compliance with PCI and not a guarantee against breach by a malicious third party, and (c) the QSAC is not providing an insurance value-add.
- Heartland Breach - the biggest we know of to date - went from discovery and announcement on January 20th to a settlement and a guilty plea by year's end.
- Virtualization & Cloud Computing - Tomato, tomato... whichever way you pronounce it, the advent of dirt cheap bandwidth is sure to make securing a common infrastructure an interesting challenge for years to come.
- Last but not least... The Recession - A plethora of businesses all over the world shut their doors over the past couple of years. Those that were able to sell their assets sold them to the highest bidder. Those that couldn't abandoned their buildings chock full of file cabinets, servers, and who knows what else. With all these bankruptcies, do you ever wonder where all this sensitive customer and employee data ends up?
Best of luck to everybody in the new year and have a happy, successful 2010!
¡Felíz año nuevo! La mulţi ani!