Tuesday, March 31, 2020

Work

"Honest work is respectable, in good times and in bad times, and our national tendency to sneer at any job that does not require an advanced degree or a mass-marketable talent in sports or entertainment is one of the worst aspects of contemporary American life." - Kevin Williamson, National Review

Saturday, March 28, 2020

Joe’s Coronavirus Book Club

My 2020 New Year’s Resolution was simply to “Read more. Eat less.”  By the end of February, I could report that my reality was exactly the opposite. :-(

Enter “social distancing” and its harsher cousin, “self-isolation”.  While arguably making it harder to “eat less”, it has given me the kick-start I needed to “read more”.

In this space, I will update the list of books as I finish them...

1.  Thanks a Lot, Mr. Kibblewhite: My Story - by Roger Daltrey
2.  The Gulag Archipelago, 1918-1956: Volume 1 - by Aleksandr Isaevich Solzhenitsyn
3.  Political Tribes: Group Instinct and the Fate of Nations - by Amy Chua

Wednesday, March 18, 2020

ControlScan Becomes One of the First PCI Software Security Framework Assessor Companies

Expanded application security assessment services give ControlScan customers more flexibility and increased software security.

ATLANTA, March 18, 2020 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security and compliance solutions that help secure IT networks and protect payment card data, has become one of the first Software Security Framework Assessor companies to be listed by the PCI Security Standards Council.

Software vendors for point-of-sale, middleware, payment switches, kiosks, shopping carts, call centers, fuel dispensers, and other transaction-related applications who validate according to the new SSF program can benefit from its streamlined process that supports efficient and agile code releases and defends against constantly evolving security attacks.

“The Software Security Framework really has changed the game for application security,” said Sam Pfanstiel, Director of Security Consulting Services, ControlScan. “The new set of standards is much more streamlined to accommodate today’s accelerated software lifecycle, because it supports the latest software integrity testing technologies while also giving significant consideration to the maturity of the vendor’s application design, development and management practices.”

ControlScan assessors are qualified to test for both secure software lifecycle (Secure SLC) and Secure Software. A combined assessment methodology enables quick and confident evidence collection and testing for listing as a Secure SLC Qualified Vendor and/or Validated Payment Software. In addition, these certifications work together to assure merchant and acquiring customers that such software will support their own PCI DSS compliance.

“We recommend the combined audit approach, since companies listed as Secure SLC Vendors can now self-attest to low-impact application changes without undergoing a third-party audit,” Pfanstiel said. “This can significantly reduce their time-to-market for software enhancements.”

The company’s SSF advisory services also support gap analyses against either or both assessment types, providing a clear path to compliance and listing under the new SSF program. In addition, ControlScan can produce white papers that detail the impact of a company’s SSF compliance to support its customers' PCI compliance.

The new SSF program will fully replace the Council’s Payment Application Data Security Assessor (PA-DSS) program by 2022, but ControlScan encourages eligible entities to utilize it now. For more information about ControlScan’s Software Security Framework validation services, please click here.

About ControlScan
ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts; 24x7 managed detection and response; managed UTM firewall services; ASV vulnerability scanning; security penetration testing; PCI compliance programs and validation services; QSA and HIPAA assessments; and more, we’ve got your back. For more information visit ControlScan.com.
Press Contact
Stacey Holleran
Director, Corporate Communications
678-694-0654

Sunday, March 15, 2020

Report: ISOs, Acquirers Finding Innovative Ways to Address Merchant PCI Compliance

Recent survey by ControlScan and the Merchant Acquirers’ Committee finds new strategies surrounding non-compliance fees, scope-reducing technologies.

LAS VEGAS, March 03, 2020 (GLOBE NEWSWIRE) -- MAC Level Up Conference - ControlScan, a leader in managed security and compliance solutions that help secure networks and protect payment card data, has released a new payments industry research report in collaboration with the Merchant Acquirers’ Committee (MAC). Among its findings, the ControlScan/MAC 2020 Acquiring Trends Report identifies new strategies ISOs, acquirers and other merchant service providers are employing in the face of increasing merchant PCI compliance challenges.

ControlScan and MAC have tracked various aspects of acquirers’ PCI programs—including who has them, their goals and achievements, and how they’re administered—since 2011. Gathering this data over time has provided the ability to follow trends and share unique insights into the state of merchant PCI compliance programs.

Acquiring Trends survey respondents consistently say that regular, ongoing communications and education are key to their merchant PCI compliance efforts. However, this year’s survey saw a rise (from 35% to 44%) in those who are realizing the benefit in combining communications with technology services such as managed firewall. Validated point-to-point encryption (P2PE) solutions, as well as end-to-end encryption (E2EE) also rated high for their ability to reduce PCI scope.

“When combined with regular communications and educational content, scope-reducing technologies and related services are a powerful way to make life easier for the merchant,” said Chris Bucolo, Vice President of Market Strategy, ControlScan. “It’s all about giving the merchant the tools and support they need to properly secure their business, without overburdening them.”

Other key findings from the ControlScan/MAC 2020 Acquiring Trends Report include:
  • Keeping merchants compliant is a continuing challenge – From 2014 through 2018, portfolio compliance rates were on a healthy upward trend. In 2018, however, there began to be signs of slowing rate growth based upon 38% of survey respondents reporting that their rates had either stayed the same or declined. The 2020 numbers show a definitive downward trend, with only 26% reporting compliance rates above 60% (as opposed to 42% in 2018) and 23% under 25% (as opposed to 15% in 2018).
  • Non-compliance fees are increasing in their significance – The percentage of those not charging non-compliance fees has historically been stable at around 17-18%. This year, however, the percentage rose to 23%. When asked about the drivers behind waiving non-compliance fees, an astounding 77% said they did so for strategic and/or competitive purposes. This year’s survey also found a widening divide between those who charge no non-compliance fees and those who are charging a non-compliance fee of more than $50 per month.
  • High compliance rates and merchant risk reduction go hand in hand – Keeping merchant risk in check is a priority for virtually all respondents, with 86% saying it’s a high or top business priority. Further data analysis revealed that one-third of those who have made merchant risk reduction a top priority are achieving higher merchant portfolio compliance rates than the group as a whole.

“Running a successful PCI compliance program requires regular reviews of metrics and trends so that corresponding adjustments can be made,” said Bucolo. “Like security technologies, there is no ‘set and forget’.”

“The information we glean from our ongoing survey partnership with ControlScan is extremely valuable,” said Vadeene Sisk, Education Committee Chair, MAC. “High merchant compliance rates translate to reduced business risk, which is mission critical for the MAC membership base as well as the payments community at large.”

About the Survey 
The ControlScan/MAC 2020 Acquiring Trends Survey was conducted over a six-week period between November 12 and December 23, 2019. The survey was administered online, and a link was distributed via email to randomly selected processors, acquirers, ISOs and other merchant service providers listed in the databases of ControlScan and MAC. A total of 68 payments industry professionals, representing organizations that serve Level 3 and 4 merchants, completed the survey.


The ControlScan/MAC 2020 Acquiring Trends Report is being released in conjunction with the MAC Level Up Conference taking place March 2-5 at the Park MGM in Las Vegas. Download a complimentary copy of the new report here.


About Merchant Acquirers’ Committee (MAC)
The Merchant Acquirers’ Committee (MAC) is an organization of payments professionals dedicated to protecting the integrity of the payments ecosystem. Our members include acquiring banks, ISOs, the card brands, NACHA, law enforcement agencies, payment processors, and payment facilitators. MAC’s mission is to strengthen the payment ecosystem through ongoing education, communication, and cooperation among its members. For more information, visit www.macmember.org


Press Contact
Stacey Holleran
Director, Corporate Communications
678-279-2645
sholleran@controlscan.com

Thursday, March 12, 2020

The company with the plan wins.

Dark Reading is one of the most popular cybersecurity news sites on the Web today.

ControlScan's Vice President of Security Consulting Services, Marc Punzirudu, recently sat down and talked with Dark Reading and discussed how to change the conversation about security in your company.

Wednesday, March 4, 2020

Don’t Wait Until Ransomware Has Your Business Locked Down

Ransomware victims are paying hundreds of thousands of dollars to cybercriminals. It doesn’t have to be this way!

The ControlScan Blog is always a great source for useful information about cybersecurity and compliance.

However, this recent post by ControlScan's Director of MDR Operations is PARTICULARLY important as ransomware attacks continue to rise.

I highly recommend that you read it today to understand the importance of planning ahead in order to save time and money...and possibly our business.

For more information on how ControlScan can help you in this area, don't hesitate to contact me directly.

Friday, February 28, 2020

ControlScan Security Operations Center Analysts Win Gold in Cybersecurity Excellence Awards

MSSP ControlScan takes home three awards for its dedication to “excellence, innovation and leadership in information security”.

ATLANTA, Feb. 27, 2020 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security services specializing in compliance, detection and response, has received a gold Cybersecurity Excellence Award recognizing its security operations center (SOC) analysts as “Cybersecurity Team of the Year.” In addition, the company was awarded silver as “Best Cybersecurity Company” and “Cybersecurity Service Provider of the Year.” All three awards are for organizations with 100-499 employees operating within North America.

According to recent ControlScan research, 41 percent of businesses that manage their security operations entirely in-house cite “speed of incident response” as a key business challenge. ControlScan SOC analysts provide 24x7, eyes-on-glass support and are specially trained to assess, investigate and rapidly respond to security alerts and anomalies. In 2019, ControlScan’s team of SOC analysts addressed more than 78,000 “medium,” “high” and “critical” events involving malware, defense evasion, exploits, code executions, etc., on behalf of their customers.

“ControlScan SOC analysts are a primary component of our security threat detection and response program, which ensures each business is protected and they don't have to worry about being victimized by a data breach, malware, ransomware, or any other form of cyberattack,” said Tom Callahan, director of MDR Operations, ControlScan. “We are proud of our team and thrilled to be recognized with a gold Cybersecurity Excellence Award.”

The Cybersecurity Excellence Awards honor companies, products and professionals that demonstrate excellence, innovation and leadership in information security. ControlScan is consistently developing new services to bolster its technology stack and ensure that customers’ security and compliance needs are holistically met. Recent enhancements include expanding Managed Detection and Response (MDR) services to businesses using Microsoft Office 365, Google G Suite, and other cloud-based SaaS and PaaS applications/services; introducing PaySafe PumpConnect, to increase security and payment transaction speeds at fuel pumps; and advancing the company’s Endpoint Security Service, to provide even greater threat detection and response capabilities.

The complete list of Cybersecurity Excellence Award winners is located HERE. To learn more about the ControlScan SOC and its team of security analysts, see the video here.

Press Contact
Stacey Holleran
Director, Corporate Communications
678-694-0654
sholleran@controlscan.com

Tuesday, February 25, 2020

Restaurants need cybersecurity protection, too.

According to the National Restaurant Association’s latest State of the Industry Report, restaurants are rapidly adopting new technologies such as online/app-based ordering and reservations as well as mobile payments. These tools are great for creating a better customer experience, but they can also put your restaurant at a greater risk of being breached.

Confidently run your business without worrying about cybersecurity threats.

Restaurant technology is going to continue advancing.  Savvy operators understand the need to upgrade according to customer demand and preferences. As restaurants grow and scale their technology usage, they can rely on ControlScan to defend their business from cyber criminals.

Good cybersecurity is more thorough and less costly than you think.

The ControlScan Managed Detection and Response (MDR) service gives restaurants a cost-effective way to ensure that security threats are quickly discovered and eliminated. ControlScan keeps our eyes on restaurants' IT networks on a 24x7x365 basis - allowing restaurateurs to run their business knowing that we’ve got their back.

Watch the video to learn more and contact me today for a deeper dive and to schedule a demo.

Thursday, February 20, 2020

Managed Security by ControlScan - We've Got Your Back

Layered cybersecurity cannot be ignored. Defensive measures, like standalone firewalls, will not completely keep attackers out of a network environment. Advanced threat detection and response capabilities must also be employed to fully protect an environment and immediately identify and stop an attack when it happens.

After falling victim to a ransomware attack, it became clear to one of the nation’s leading independent insurance brokerage firms that managing their own network security was no longer an option. The firm’s IT team just didn’t have the bandwidth to efficiently secure company data and rapidly detect the ever-increasing number of cyber threats. To stay competitive and to protect their client data, they needed a robust defense system and a partner they could trust—one that had the technical expertise to provide a multi-tiered approach to security.

Since partnering with ControlScan, this customer has been able to ward off additional security breaches through layered security and 24/7 threat detection monitoring. Their CIO says the critical benefits of the ControlScan partnership are incalculable.

Contact me today to discuss your current cybersecurity posture and review some of ControlScan's managed services that can help protect your business from devastating cyber threats.

ControlScan - We've Got Your Back

North American CyberSecurity Team of the Year!

CyberSecurity Insiders has begun publishing their
2020 CyberSecurity Excellence Awards winners.
ControlScan is very proud to announce that
our SOC Analysts have won the award for

Tuesday, February 4, 2020

Today is #WorldCancerDay

Cancer sucks.  Please consider a donation to your preferred cancer charity today.
If you don't have one, I can recommend one. ;-)
Richard Gaeta. Renal Cancer. 2/9/1938-6/1/2014  |  Joan Gaeta. Lung Cancer. 9/7/1938-7/17/2007

Monday, January 27, 2020

An MSSP that makes your life easier....

Security comes off your to-do list and resides with us.

At ControlScan, we take a proactive approach to protecting your business from cyber threats while helping ensure your compliance with security and privacy standards like PCI DSS and HIPAA. Our unified security and compliance solutions deliver confidence to millions of businesses as well as the IT professionals who serve them. Below is a listing of the managed security and compliance services we provide.

Contact me today and learn how our services can support your security needs.

Managed Security Services
  • Managed Detection and Response
  • Managed SIEM w/File Integrity Monitoring
  • Managed UTM Firewall (PaySafe)
  • Endpoint Security
  • Vulnerability Management (VMS)
  • Security Awareness Training (SAT)
  • Phishing Simulation

Security Consulting Services
  • IT Risk Assessment
  • Network & Application Layer Penetration Testing
  • Security Social Engineering
  • PCI & HIPAA Compliance Assessments
    • PCI Compliance
      • PCI 1-2-3 Self-Assessment
      • PCI Gap Analysis
      • PCI External Vulnerability Scanning
      • PCI QSA Assessment
      • PCI Advisory
    • HIPAA Compliance
      • HIPAA Gap Analysis
      • HIPAA Assessment
      • HIPAA Advisory

PCI Validation Services
  • PCI PA-QSA Application Validation
  • PIN Security Assessment
  • Point-to-Point Encryption (P2PE) Services

Ransomware Hacker Extortion Payment Reaches $84,000

Good day!

I'd like to draw your attention to this article I read this morning.

Among the piece's many interesting (and frightening) points, I find these most notable:
  • Average ransom payment: In Q4 2019, the average ransom payment increased by 104% to $84,116.  This was up from $41,198 in Q3. The median ransomware payment in Q4 was $41,179.
  • Ransomware downtime: In Q4 2019 the average downtime increased to 16.2 days from 12.1 days in Q3.
  • Common ransomware attack vectors: The mass availability of Remote Desktop Protocol (RDP) credentials to corporate networks for as little as $30 per IP address has made carrying out a targeted attack extremely cost-effective for the attackers. For larger enterprises, email phishing continues to be the preferred method of initial compromise.
Systems and networks both small and large are constantly under attack. Are your teams protecting your systems, and would they know if an attacker gained access to your network? ControlScan's Managed Detection and Response (MDR) goes beyond traditional SIEM and Anti-Virus/Anti-Malware by providing 24x7x365 active detection, prevention, and remediation services to ensure your systems and corporate assets stay protected.

I'd love to discuss your organization's cybersecurity posture and show you how ControlScan can help.  Don't hesitate to contact me @ jgaeta@controlscan.com, (678) 694-0687, or schedule a call with me here.

I look forward to hearing from you.