24 Solutions had two representatives at the PCI SSC 2016 Europe Community Meeting in Scotland, which took place this past week. Following are some reflections from the meeting.
At the 10th anniversary PCI Community Meeting in Edinburgh, Stephen W. Orfei, General Manager of the PCI SSC, kicked off the meeting by describing how the PCI DSS has changed since its inception and how security threats have evolved since the first community meeting in 2006. He concluded by stating that the PCI DSS has never been more necessary, as the use of payment cards is growing worldwide and hackers are becoming more sophisticated and increasing in number.
Many of the attendees had questions about the new EU General Data Protection Regulation (GDPR). Jeremy King, the International Director of the PCI SSC, assured the audience that PCI DSS is the best global regulatory standard when it comes to cyber security. Compliance with PCI DSS is also a great way to show regulatory authorities around the world that a company takes security seriously. Mr. King concluded that PCI DSS compliance provides a great framework for reaching GDPR compliance.
Some of the notable speakers at the event were:
Brian Muirhead, Chief Engineer, NASA Jet Propulsion Laboratory, who compared risk management from a PCI standpoint with risk management from a Mars landing standpoint.
Ken Munro, who leads a team of experienced penetration testers (hackers), gave a presentation about the Internet of Things. Mr. Munro has experience hacking into almost anything, from coffee machines at work, cars, and thermostats to web-connected children’s dolls. The presentation made it clear that the Internet of Things will bring about a lot of security issues, as a smart device, such as a web-connected coffee machine, can be an entry point for hackers to compromise an entire network. Many companies are quick to produce these smart devices and push them onto the market to beat the competition, which has resulted in many products containing serious security flaws.