Hackers are proactive, relentless and constantly testing ways to exploit payment data for financial gain. If there is a chink in your company’s armor, they will go out of their way to find it, infiltrate it and extract whatever they can find that is of value.
The hacker community is not to be underestimated – it is vast and exceedingly well-funded and organized. They share information, techniques and harmful software used to exploit weaknesses in a company’s data security program. If your company has payment data, it is not fending off individuals – it is fighting a powerful industry whose sole aim is to breach your systems and take any payment data it can lay its hands on, before selling it on to the highest bidder.
And the hackers’ target is growing day by day - the payments ecosystem is evolving, methods of online payments are increasing and so are the number of payments being made around the world.
As payments change and cybercriminals improve their attack methods, businesses will be under increased pressure to counter these attacks with greater manpower and heightened skills. Good cybersecurity is an ongoing process. Businesses need to be continuously improving their security to keep payment data safe from these criminals. Their environments must be assessed, monitored, and tested regularly to uncover any weakness and ensure they are effective. If your business does not practice good, continuous cybersecurity, the hackers can tell, and they will not attack once, they will simply steal from you again and again and again.
Unfortunately, a global shortage of skills available to deal with cybersecurity means that, right now, safeguarding data is easier said than done. What’s worse: this skills shortage is projected to grow to an estimated 1.5 million globally by 2019. The pipeline of talent to battle future cybercrime is simply not strong enough. More bodies are needed if we are going to successfully keep the criminals at bay.
The PCI Security Standards Council offers a range of training and programs to help with the cybersecurity skills shortage in the payment industry. We aim to ensure qualified professionals are available for merchants and service providers in their efforts to maintain payment security as an everyday business process. In close collaboration with the industry we will continue to develop and enhance our training and programs to meet their needs. For example, the PCI Associate QSA program is being rolled out in early 2018 and will specifically target new cybersecurity talent to build out the pipeline of cybersecurity professionals in the payment industry.
The industry must do all it can to attract new talent now that can stem the tide tomorrow. The hackers are in the ascendency and the hunt for talent is on.
Mauro Lance is Chief Operating Officer at the PCI Security Standards Council.