The PCI Security Standards Council will host the second Middle East Forum on 6-7 April 2016 in Dubai, UAE. Among the speakers at the forum will be Christopher Novak, co-Founder and director of the Verizon Investigative Response Unit. In this blog post we get Chris's insights from his investigations, advice on breach prevention, and a glimpse into his keynote speech at the forum.
Chris Novak: At a high level, one of the most common security pitfalls is a lack of balance between prevention, detection and response. Many organizations tend to focus more heavily on one, sacrificing the others. This imbalances tends to lead to more costly breach events. The PCI Data Security Standard (PCI DSS) does a good job of highlighting the importance of having all three components.
In what way are these trends similar or different in Middle East & North Africa (MENA) region specifically?
Chris Novak: We actually find that the MENA region is facing very similar threats and risks as others globally. As it relates to payment data specific breaches, most organizations in the MENA region are utilizing the same hardware, software and technology as the rest of the world and thus are exposed in the same manner. Since most of these breaches are opportunistic attacks, the threat actors are targeting MENA victims in similar percentages. There is a perception of fewer breaches in the MENA region, but that is largely due to differences in notification, disclosure and reporting.
How would you gauge awareness of payment security in the MENA region?
Chris Novak: Payment security awareness within the MENA region is slightly below the global average, but has been steadily growing over the last several years.
What do you see as the next big threat in payment security?
Chris Novak: With the global migration to EMV support, we foresee the threat actors shifting their focus towards e-commerce and card-not-present environments. We expect to see historical threats such as SQL injection, to re-emerge. Continued security due diligence will help in minimizing these threats from becoming reality.
What is the one thing you hope attendees take away from your presentation at the PCI Middle East Forum?
Chris Novak: Nobody is immune from breaches and everyone must play a role in security in order for it to be effective. Furthermore, a security regimen will only be effective if it constantly evolves with its surrounding threat landscape.
