CFOtech Asia logo
Technology news for Asia's CFOs and financial decision-makers
Story image

Cybersecurity threats finance sector facing more cunning

Despite Payment Card Industry Data Security Standard compliance improving significantly in 2020, the cybersecurity threats organisations face are more cunning and evasive than they were even two years ago, according to the 2022 Verizon Payment Security Report.

This year's report found that, overall, PCI DSS compliance improved significantly in 2020, with 43.4% of organisations maintaining full compliance, compared to 27.9% in 2019. 

Additionally, while over half (56.7%) of organisations failed their interim validation assessment due to one or more security controls omissions, the security control gap still improved substantially, from a high 7.7% in 2019 to a low 4% in 2020.  

"Despite compliance improvements, we know that bad actors are still out there and stronger than ever," says Sampath Sowmyanarayan, CEO, Verizon Business. 

"Our own 2022 Data Breach Investigations Report found the financial sector continues to be victimised by motivated organised crime, with servers being involved in 90% of financial breaches," he says. 

"As a result, working harder on your current strategy is unlikely to move the needle. To remain safe in today's heightened cybersecurity climate, organisations will need to approach their objectives and goals at a project, program and strategic level."

The Covid-19 pandemic escalated online business activities and payment card transactions, but it also enabled the skillful exploitation of both existing and emerging threats and weaknesses within payment systems and processes. 

Further complicating the payment security landscape for Chief Information Security Officers and other security practitioners, the PCI SSC recently instituted the most significant rewrite of the DSS since its release in 2004. While a significant step forward, security leaders need to focus their attention and resources on getting up to speed with these new requirements. Released earlier this year, PCI DSS v4.0 will go into effect in 2024.

"Substantial industry feedback drove changes to PCI DSS v4.0," says Lance Johnson, Executive Director of the PCI Security Standards Council. 

"Key changes to the standard focus on meeting the evolving security needs of the payments industry, continuously promoting security processes, increasing flexibility for organisations using different methods to achieve security objectives, and enhancing validation procedures."

Design priorities for PCI DSS v4.0

CISOs and their teams will need to apply a logical, coordinated process to evaluate requirements and constraints of PCI DSS v4.0, while navigating their way through the changes. To help organisations within the payment industry simplify the complexity of these new measures and ensure data security, the 2022 PSR includes a toolbox of management models and frameworks useful for negotiating PCI DSS v4.0.

The report highlights that the challenges organisations encounter with data security and compliance management have identifiable cause-and-effect relationships. The key to achieving ongoing growth and stability of security and compliance program performance is to find a way to focus resources on only the parts within the security environment that are currently limiting or blocking further improvement – the weakest links, system constraints or leverage points. As such, strategic planning, coordination and execution at an operational level is paramount for averting costly data breaches.

Potential impact of 5G on payment card compliance

The appeal of emerging technologies, such as 5G and edge computing, gained significant momentum when the COVID-19 pandemic exposed the weakest links of the financial services industry. The speed and stability of 5G will continue to enhance the mobile experience for the payments industry, providing greater customer security through advanced biometric-based identification and verification methods. It also will provide more secure connections for video conferencing, with participants such as financial professionals and loan counsellors.

Financial institutions and merchants will continue to find innovative ways to benefit from 5G-enhanced features, open architecture and Multi-access Edge Computing (MEC) technologies. At the same time, security practitioners need to explore how these new innovations might impact the PCI DSS compliance posture.

Related stories
Top stories
Story image
Confluent
Confluent reimagines data pipelines with Stream Designer
It will accelerate the shift to real-time with the industry's 1st visual interface for building, testing, and deploying data pipelines natively on Apache Kafka.
Story image
Sustainable IT
WQR: 72% orgs link quality engineering to sustainable IT
The report also highlights that 85% of organisations consider quality engineering pivotal in implementing emerging technologies into real-world use cases.
Story image
IT Automation
Intel hits key milestone in quantum chip production research
Intel demonstrates exceptional yield of quantum dot arrays, showing promise for large-scale qubit production using transistor fabrication technology.
Story image
Digital Transformation
Equinix invests in Indonesia with a $74m data centre
The centre will be strategically located near the largest internet exchanges to meet the country’s growing digital needs.
Story image
Cybersecurity
APAC orgs embracing Zero Trust Security, reveals Okta
Zero Trust Security helps organisations thrive in the era of hybrid work and increasingly sophisticated cyber threats.
Story image
Fintech
New report highlights opportunities and challenges of Super Apps for banking sector
"Staying ahead of the game means predicting where tomorrow will take us, as well as recognising where things currently stand."
Story image
Distributed Denial of Service
Sysdig reveals a loss of $53 for every $1 cryptojackers gain
The 2022 Sysdig Cloud Native Threat Report breaks down supply chain attacks against containers and how geopolitical conflict influences attacker behaviours.
Story image
Sustainable IT
Equinix commits US$50 million to advance digital inclusion
Establishes the Equinix Foundation, an employee-driven charitable organisation, to advance digital inclusion through grants and strategic partnerships.
Story image
Cybersecurity
Best practices for industrial cyber resilience
Operational technology (OT) security is gaining more attention than ever before, but sufficient understanding of what it takes to prevent breaches is still lacking amongst many organisations.
Story image
Digital Transformation
How businesses can stay connected with their clients in a digital environment
Staying connected in a virtual world requires strong communication and collaboration, especially with many workplaces adopting a work-from-anywhere business model.
Story image
IT Automation
Tech job moves - Adobe, Ambit, blueAPACHE, Cue & DC Blox
We round up all job appointments from September 26-,30 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Tax
BlackLine adds tax hyperautomation capabilities to its solutions
The extension to BlackLine's intercompany solutions comes in response to organisations facing increasing intercompany tax scrutiny globally.
Story image
Malware
OpenText reveals nastiest malware of 2022, with Emotet at the top
OpenText threat intelligence experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.
Story image
Customer Relationship Management
NetSuite introduces CPQ to help organisations simplify sales process
NetSuite CPQ is the only native configure, price and quote solution built on the NetSuite platform. It works with NetSuite ERP, CRM, and eCommerce solutions
Story image
IT in Manufacturing
Five ways manufacturers can benefit from a purpose-built ERP
As the manufacturing world rapidly evolves to meet new challenges, many organisations are working to define a new roadmap to success.
Story image
Subscriptions
Denodo targets mid-market with new subscription models
These new subscriptions will help mid-market companies to streamline data integration and accelerate speed to insights.
Story image
Cloud
Workday expands skills cloud and announces new HCM customer
Workday has expanded its skills cloud service and has also announced that Busy Bees Learning has selected the company's HCM solution as part of an overall HR transformation. 
Story image
Legacy
Trellix enables greater cyber resiliency with extended XDR platform
"Legacy SIEM technology has failed to modernise security operations. We are confident Trellix XDR fills this critical gap.”
Story image
Virtual Private Network
BT enhances global Cardway portfolio with Mako Networks
BT has announced a significant enhancement to its Cardway portfolio of payment solutions following the signing of a global agreement with Mako Networks.
Story image
DevOps
Disparate data causing headaches for A/NZ businesses
Gone are the days when developers could get away with merely producing code. Many are now expected to be accountable for their code, which should be ‘clean’, right up to deployment.
Story image
Data analytics
COVID-19 relief innovation takes 2022 SAS Hackathon crown
In COVID-19’s wake, more than 287,000 MSMEs joined JakPreneur, a collaborative government platform that links entrepreneurs and stakeholders
Story image
Cloud
IBM releases Transformation Index to assist cloud innovation
IBM has released its Transformation Index: State of Cloud, commissioned by the company and conducted by an independent research firm.
Story image
Cloud
MYOB provides efficiency boost with new inventory solution
Premium Inventory is an integrated solution that helps goods-based businesses improve efficiency, reduce costs and increase cashflow.
Story image
Oracle NetSuite
NetSuite Launches Ship Central to improve warehouse operations
NetSuite WMS and Ship Central offer warehouse operations across SKUs, processes, and locations. NetSuite WMS eliminates manual processes
Story image
Work from home
Jamf showcases new products to simplify and secure work
At the 13th annual Jamf Nation User Conference, the company shared how its continuous product innovation is helping organisations succeed with Apple.
Story image
Artificial Intelligence
Exclusive: Uniphore shares how Conversational AI can be the key to business success
Conversational AI and Automation are vital tools to help further promote organisational cohesion and communication, and Uniphore is leading the charge.
Story image
Ransomware
Commonwealth tackling rising cybercrime threat in Asia
Ransomware, identity theft, and virtual security attacks identified as growing threats to security and economic growth.
Story image
eCommerce
New FedEx report reveals biggest trends in eCommerce
The report shows that SMEs and consumers agree that there's room for further growth in the already booming eCommerce sector.
Story image
Cybersecurity
Swift successfully pilots its Securities View capability
The new capability significantly increases transparency in post-trade processing while preventing costly settlement fails; it will be widely available in 2023.
Story image
Sustainable IT
Adobe surveys sustainability at work in Hong Kong employees
The top three sustainability practices are reducing paper usage (46%), digital document storage and management (43%), and curbing electricity consumption (37%).
Story image
Cloud
HashiCorp research shows organisations benefit from multi-cloud strategies
The survey highlighted the need for organisations to centralise and automate cloud efforts via platform teams in order to increase operational efficiency.
Story image
Workflow Automation
NetSuite announces SuitePeople Workforce Management
Oracle NetSuite has announced NetSuite SuitePeople Workforce Management, a solution created to help organisations manage labour costs and profitability.
Story image
Amazon Web Services
Infor named Leader in 2022 Gartner Magic Quadrant for Cloud ERP
For the second consecutive time, Infor has been positioned as a Leader in the 2022 Gartner Magic Quadrant for Cloud ERP for Product-Centric Enterprises.
Story image
Network Management
Data is growing at breakneck speed, but are we optimising its value?
Data lies at the heart of digital transformation, as every digital touchpoint translates to a data point. In this digital-first world, data is being created everywhere today – at breakneck speeds.
Story image
Microsoft
UiPath and Microsoft partner to empower best-in-class automation
"Together, we are helping customers realise and achieve the business value of automation at scale. We are excited to deliver substantial, integrated cloud offerings.”
Story image
IT infrastructure
Kyndryl launches open solution, powered by co-creation
Kyndryl Vital is led by global teams of designers who work alongside customers and partners to define and solve complex problems with innovation.
Story image
Revenue management
BillingPlatform improves offerings to foster customer revenue growth
BillingPlatform has enhanced its platform and products with a focus on helping customers drive revenue growth through improved CPQ functionality, new B2B digital commerce capabilities and expanding its payment integrations to include Stripe, Stax Payments and Adyen.
Story image
Digital Transformation
NEC Corporation and Red Hat expand global collaboration
NEC Corporation and Red Hat have announced an expanded global collaboration to drive IT modernisation and digital transformation on Red Hat OpenShift.
Story image
Software-as-a-Service
Intel accelerates innovation with software-first approach
Intel introduced new services and tools in AI, security and quantum computing to help developers reduce time-to-market and increase performance and security.
Story image
Artificial Intelligence
Fortinet advances AIOps to aid the hybrid workforce
"We’re continuing our commitment to AI innovation by delivering AIOps capabilities across our robust portfolio of enterprise networking technology."
Story image
Observability
Gigamon named leading vendor in deep observability market
650 Group has published a report, recognising Gigamon as the leading vendor in the deep observability market for 2022.