Keep Moving the Door, Keep Changing the Locks
So, the birth of the PCI Security Standards Council came to pass. These credit card companies joined forces to set up standards that anyone who wished to consume their services would have to follow. This was so important to them that, even though they were direct competitors, they all agreed to reject anyone who did not follow these standards. I cannot even begin to cover them in this little blog post; however, click my link below if you wish to see them. The most important thing to understand is that breaches do happen, even to the largest, most powerful companies. Cyber criminals are well motivated, large in number, and have the luxury of only needing to locate and exploit a hole. This is not as easy for the IT Security Specialist, who spends all day, every day, fending off the relentless attacks from an army of hackers who spend their whole lives doing just that.
Think about castle gates. They are reinforced with stone, thick wooden doors, and steel frames. One man with a pickaxe is never getting in; however, 100 men with a battering ram will break through eventually. How do we prevent this? Well, we keep moving the door. We keep changing the locks.
The Way of the Egyptians
This may seem like an oversimplification; however, you might be surprised at how accurate it really is. When I mention changing the locks, I do not necessarily mean changing your password. There are heated debates on that topic and I will not dig into that here; you can decide if changing your password often is a benefit. What I am referring to is the encryption and access keys used to navigate the system. If the database is encrypted, then even if an intruder got the information, they would not know what to do with it. This is not a new concept; people have been doing this kind of thing since before the Egyptians.
In short, the reason the PCI Security Standards Council is so important is that it provides those IT Security Specialists with the checklists to ensure that they are up to date and secure. It does not just stop with your certification though; the PCI Security Standards Council is there to constantly monitor and keep you informed on changes and risks in this digital market we live in.
“To improve is to change, so to be perfect is to have changed often.”