We’ve all heard it before: an ounce of prevention equals a pound of cure. This may seem relatively evident in data security, but I recently had some time to think about this on a much more personal...
Michael and Richard Hyatt have acquired a majority stake in Mississauga-based DataStealth, an enterprise cybersecurity firm that helps banks and hospitals protect their data. For the brothers—both...
In today's data-driven age, enterprise success isn't merely contingent on possessing vast amounts of data but on comprehending its nature and value. Amid the sea of information enterprises deal with...
In 2006, British mathematician Clive Humby struck a chord with a powerful phrase: "Data is the new oil." Just as crude oil requires refinement to unleash its power, data in its raw form holds latent...
Do you deal with payment cards? Did you miss the PCI SSC Community Meeting? Let me get you up to speed. Last week in Portland, experts and professionals from the payment card industry came together...
In today's digital landscape, every transaction, every byte of data, and every customer interaction can be as much a source of potential risk as it is of potential profit. Cybersecurity and data...
Securing Your Company's Lifeblood in the Age of Cyber Insecurity For the average modern company today, its lifeblood isn’t money. It’s data. Data drives every part of today’s businesses, from...
"Insanity is doing the same thing over and over and expecting different results." Whether it was Einstein or someone else that said that is irrelevant. What is relevant is that organizations continue...
Digital transformation is transforming every aspect of how organizations compete and operate today. This radical change is reshaping how enterprises produce, store, and manipulate an ever-increasing...
Data privacy regulators in Canada have, in a resolution, called on state governments to place a premium on data protection as the country develops its digital ID ecosystem.
Each party related to processing, storing, or transmitting cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS) administered by the Payment Card Industry...
The vast majority of organizations lack confidence in securing their data in the cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to...
October might make you think of Halloween and pumpkin spice lattes, but it has also been known as Cybersecurity Awareness Month since its founding in 2004. It’s the official yearly reminder to take a...
On June 16, 2022, the Canadian government introduced Bill C-27, which introduced three Acts meant to modernize federal privacy laws. I reviewed the Consumer Privacy Protection Act and the Personal...
Cloud security compliance is a must-have for organizations utilizing cloud services. Configuring and securing new infrastructure can be challenging; ensuring proper adherence to cybersecurity...
Since the PCI Standards Security Council released version 4.0 of PCI DSS on March 31st, it has become the center of debate in the global payments and compliance industry. As new privacy regulations...
The upcoming changes to the Payment Card Industry Data Security Standard (PCI DSS) will affect every organization that stores, transmits, or processes cardholder data and/or sensitive authentication...
Data sovereignty. A simple notion, right? Not so fast. What may appear to be a relatively straightforward concept has instead become an extremely complicated situation due to the numerous regulations...
While legacy core banking systems once provided the backbone on which the world’s financial infrastructure is built , the processing demands of digitalization and heightened customer expectations...
The term seems to have taken on a life of its own, but when we talk about data sovereignty, we are talking in legal terms about data(opens in new tab) management – specifically whether our data meets...
Cloud storage is the ultimate in technology outsourcing. Business units and IT teams don’t need to know how the technology works or even where it is: to set up a cloud service; they just need a...
In recent years, digital encryption has been subject to what anthropologists sometimes call “social silence”. It may be a fundamental part of our lives (we depend on it whenever we bank online, send...
On June 16, 2022, the Canadian government tabled Bill C-27 “An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial...
Minister of Innovation, Science and Industry François-Philippe Champagne and Justice Minister and Attorney General David Lametti introduced Bill C-27, the Digital Charter Implementation Act, 2022 on...
Ed Skoudis knows he and his colleagues at the SANS Institute could easily have come up with a list of the 50 top cyber-threats of 2022. It’s been that kind of year. But Skoudis, whose cybersecurity...
Data splitting is when data is divided into two or more subsets. Typically, with a two-part split, one part is used to evaluate or test the data and the other to train the model. Data splitting is an...
With the advent of DevOps, testing plays more of a starring role in developing financial services software, but many still view it as an annoying bottleneck. Within that, the biggest bottleneck of...
Much is written about the corporate threat from shadowy remote hackers. A cybercrime economy worth trillions has certainly made this disparate bunch of financially motivated threat actors a major...
Cybersecurity has become one of the most crucial aspects of modern businesses. Digitization has immensely increased during the past couple of years. The global usage of various services like video...
On April 10, 2020, Atlanta-based fintech firm Brightwell was navigating more than the deadly COVID-19 pandemic. It all started with a series of customer phone calls. That morning sometime between 7...
Standards are often force-fed to the industries they govern, but that doesn't seem to be the case with the latest version of the PCI Data Security Council's global Data Security Standard (PCI DSS)....
Few security standards have been around for quite as long as the Payment Card Industry Data Security Standard (PCI DSS). Since its inception in 2004, it has mandated a strict set of operational...
Data privacy is a squishy thing. It varies widely depending on whether you’re in the EU, Brazil, the U.S., or even state to state. That’s because privacy is a legal construct. Yes, you need to...
Nowadays, data has become corporate lifeblood. As a result, executives focus on trying to find ways to leverage it for corporate advantage. However, as organizational reliance on data has grown, so...
PCI DSS 4.0 replaces version 3.2.1, which PCI SSC released in 2018. The goal of the latest version of the standard is to “address emerging threats and technologies and enable innovative methods to...
If you’re reading this, no doubt you take data security seriously. Your company might even have an industrial-strength firewall, rock-solid data governance rules, a professional security team, and a...
Data governance is a growing challenge, complicated by a plethora of new laws requiring compliance. And the stress only goes up with increasing data volumes coming from multiple structured and...
The cyber threat landscape has changed. Web attacks that were once separate and distinct have come together in a continuous and integrated cycle of cybercrime. One kind of attack fuels another,...
Today’s businesses must accept credit cards to stay competitive in the marketplace. With credit card fraud, identify fraud and stolen data on the rise, maintaining a safe environment for charge card...
The data harvested from our personal devices, along with our trail of electronic transactions and data from other sources, now provides the foundation for some of the world’s largest companies....
The healthcare industry has been transforming radically over the past decade under digital technologies. The global pandemic has accelerated data and processes, challenging the world to change....
In September 2021, Quebec Bill 64, An Act to modernize legislative provisions as regards the protection of personal information, was unanimously adopted by lawmakers in the province. With a...
Data is pretty important to any business these days. Many people claim that data is the most important asset you can possess, with more utility than capital assets and with more meaningful (though...
DevSecOps is everywhere. More and more organizations realize that the traditional separation between DevOps and security is wasteful and dangerous. As a result, they are rushing to integrate security...
Across the past several years, consumer attitudes and expectations around data privacy and security have shifted, as influenced by a profusion of new data breaches, more online shopping and momentum...
In recent months, many users have claimed their Roblox accounts were stolen on Bilibi, a Chinese youtube. Estimated by RTrack, Roblox has 202 million monthly active users by April 2021 and over 65%...
Ransomware. It’s a word that I’m almost as tired of hearing as “…due to the pandemic…” and “new normal”. But it’s also a word that finally brought the importance of cybersecurity into sharp focus for...
To follow up on an earlier communication, PCI SSC is now targeting a Q1 2022 publication date for PCI DSS v4.0. This timeline supports the inclusion of an additional request for comments (RFC) for...
Technology and security practices continue to evolve, with a considerable shift in strategic focus in recent years. Current thinking is that legacy perimeter security can no longer serve as the...
Biometrics are increasingly becoming a part of everyday life, from unlocking your phone with your face to iris recognition for e-government services or airport security and voice recognition when you...
Cloud security professionals are dealing with no shortage of security concerns. Digital transformation to the cloud and a split of the security responsibilities between cloud vendors and cloud...
As the world moves further into the digital era, data security has been an ever-growing concern. Cybercrime continues to climb as digital data becomes more and more prevalent. In light of these...
KPMG's 2021 Cyber Security Poll recently surveyed business owners or decision-makers at primarily medium-sized businesses and 1,000 Canadians ahead of Cyber Security Awareness Month for their views...
Don't let your guard down just because you are on a mobile device. Be just as careful as you would on a desktop! Mobile attacks are intended to compromise and steal our data. In most cases, users...
I’ve recently been thinking about how much more effortless and affordable it has become for users to add a new cloud-based application to their tech stack than traditional on-premises software....
On September 21, the National Assembly of Quebec adopted the Act to modernize legislative provisions as regards the protection of personal information. The adoption of this Act puts an end to a...
Publishing data of all kinds offer big benefits for government, academic, and business users. Regulators demand that we make that data anonymous to deliver its benefits while protecting personal...
The BIN, which is used to identify the institution that issued the card, has traditionally composed the first six digits of the Primary Account Number (PAN). The International Organization for...
Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their...
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees...
Cyberattacks and data breaches have risen dramatically in recent years and no industry or organization is immune to these attacks. Merchants, governments, healthcare, critical infrastructure are...
In part two of our series, we take a deeper dive into how JavaScript works and its implications to web and e-commerce security and compliance. This demonstration will not surprise anyone with a deep...
It turns out that how you implement e-commerce can have a huge impact on your compliance footprint (i.e., the number of PCI security controls assessed depend on your implementation decisions)....
TORONTO, Aug. 16, 2021 /CNW/ - Prodigy Ventures Inc. (TSXV: PGV) ("Prodigy" or the "Company") today announced an agreement between its wholly-owned subsidiary, IDVerifact Inc. and DataStealth, to...
Attacks on the life sciences and healthcare sectors (healthcare providers and health technology, medical device, pharmaceutical and biotechnology companies) increased significantly in the last year,...
In a recently published article by Forbes titled "Maintaining Data Residency Requirements During A Complex Data Migration," it is highlighted that over 130 countries have enacted legislation with the...
Tripwire announced the results of a research report that evaluated cloud security practices across enterprise environments in 2021. Conducted by Dimensional Research, the survey evaluated the...
The 14 Cloud Security Principles released by the National Cyber Security Center (NCSC) provides guidance to organizations in the UK when evaluating cloud providers. This article focuses on the main...
PCI DSS v4.0 is coming and will bring big changes. The exact nature of the changes isn’t yet available as the standard is still evolving under the PCI Councils Request For Comment (RFC) process. In...
In a time marked by rapid technological innovation, marketplace globalization, and polarizing social change. And then we froze. In what seemed like an instant, our sense of normalcy — in our social...
Much of this increase in technological reliance has long been foreseen; anticipated by researchers, academics, and the especially tech-savvy folks among us. What was not anticipated, however, was the...
The rapid growth of encryption technology has revolutionized the online marketplace and helped to enable the creation of anonymous online networks, like the Dark Net — a hidden forum for which has...
The prevalence of digital communication has created nearly limitless possibilities for the rapid, large-scale sharing of private communications, intimate images, and personal information. Through the...
As we continue to adapt to the changing demands to navigate the spread of COVID-19, an increasing number of workspaces and social interactions have had to rely much more heavily on email and other...
The global spread of COVID-19 has been a huge catalyst in our increased reliance on digital technologies, particularly our networked communication infrastructure. With the rapid influx of demand for...
With the global spread of COVID-19, online scams are circulating and malicious actors have been spreading malware intended to steal individual information through both personal and corporate...
The Privacy Act and the Access to Information Act were both implemented by the Canadian federal government in 1985 and have acted as a starting point for more recent legislation and privacy laws,...
The end of last year marked the end of a decade that has been marked by rapid technological development, advancing data-use research, and an increasingly hyper-connective global infrastructure....
Between the financial, ethical, and social costs of leaked or insecure consumer data, there is no doubt that keeping online environments secure is a top priority for most organizations. By investing...
Ontario is closer to creating its own provincial privacy law that would include a right to privacy and a corporate obligation to report privacy breaches. This week, the province said it’s considering...
Most organizations understand that they need to protect their data for their own operations, but the proliferation of data protection laws such as the European Union's General Data Protection...
We’ve seen rapid, widespread adoption rates for Software as a Service (SaaS) apps over the last 24 months as organizations adapt to post-COVID business operations. And all signs point to continued...
Data privacy has been a hot topic in the tech world for years now. With every new technology come new regulations that require companies to completely re-examine the way they handle private data....
The European Union unveiled strict regulations on Wednesday, April 21st to govern the use of artificial intelligence, a first-of-its-kind policy that outlines how companies and governments can use a...
Have you heard about data residency? If you haven’t, it’s a concept that determines where different organizations store your data. Some nations have stricter data protection laws, while others have...
Make sure you can recover quickly. A cyber attack may mean you lose some or all of your data, such as pictures, documents, or financial or client information. Backing up regularly will help you get...
Once you’ve set up strong, separate passwords for all your devices and services, there are other things you can do to reduce your risk of being hacked.
Due to coronavirus, people are spending more time online this year. This means more opportunities for hackers to carry out cyber attacks. They often do this by targeting people and businesses using:...
Think of everything you've posted online over the past year — photos, blog entries, comments on websites, and so on. Now consider how much of that content says something about you as an individual,...
Yes, it can be confusing in telling the difference between data security and data privacy. But it’s pretty crucial for company owners to get an idea of differentiating the two before deciding to...
Credit card details, online banking logins, and social media credentials are available on the dark web at worryingly low prices. Researchers at privacy website PrivacyAffairs.com collected hundreds...
In November 2020, Canada introduced new federal privacy legislation that, if adopted, will create one of the strictest data protection regimes in the world, accompanied by some of the most severe...
Data is the heartbeat of every business application and having a proper testing strategy is essential. Data is, after all, a business's most valuable asset. Data breaches bring Enterprises to the...
This table, created by Fasken, compares the information protection laws of Canada (Personal Information Protection and Electronic Documents Act), California (California Consumer Privacy Act), the...
Protecting personally identifiable information (PII) is one of the key aspects of a security experts job. What does personally identifiable information include? Social Security numbers, birth dates...
Stricter data privacy regulations and enforcement is no longer a new trend, it’s the known future. Living in a world of increasing data that often contains private information, lawmakers in several...
Every week there seems to be a news story about another massive data breach with millions—and sometimes billions—of records containing personal data lost or stolen. We regularly hear about cyber...
“I believe people are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them....
2020 was a wake-up call for more than healthcare pandemic preparedness. It also exposed some huge security and privacy vulnerabilities, which many cybercrooks have exploited thousands of times...
To secure a system, you first have to understand it. Good architecture diagrams are key to this. Unfortunately, the quality of them varies. So, in this blog post I want to give you some tips, and...
Healthcare institutions sit on vast amounts of data. This can lead to valuable insights that can greatly improve the medical space when analyzed and used for research. The Healthcare Insurance...
Privacy settings are a way of having some control over how organizations handle your personal information online. That said, it is important to be cautious and to keep privacy top of mind, even when...
Understanding Social Media’s Risks and Benefits The impact of social media on our everyday lives is immense; something unimaginable even just 10 years ago. But the benefits of near-instantaneous...
The theme for Data Privacy Day 2021 is “Own Your Privacy.” Surveys and industry reports show that many of us feel an increasing lack of control over our own data. Despite this perception, tactics...
Imagine if everyone with a smart lock on their front door had to assume it had been compromised and thieves could sneak in for several months. How would you begin to figure out what’s missing? What...
The data-powered world is here. Data empowers our national and global economy: it enables organizations to improve decision making and drives innovation; it empowers companies to provide exciting...
As COVID-19 has introduced a more aggressive and evolving cyber threat landscape, the need for companies to develop the right infrastructure to mitigate cybersecurity risk is more important now than...
Canada’s proposed new privacy legislation, the Consumer Privacy Protection Act (CPPA), contains a number of new requirements regarding how organisations collect, use and disclose personal...
One of the more lively discussions at our past PCI Dream Team session involved a discussion of requirement 12.8 and third party management (i.e., service providers). What got the discussion started...
After achieving a narrower than expected mandate of 56% on November 3, the California Privacy Rights Act (CPRA) has now passed. This new act overhauls the preexisting California Consumer Privacy Act...
On November 17, 2020, the Minister of Innovation, Science and Industry, Navdeep Bains, tabled proposed legislation in Parliament that aims to overhaul Canada’s data privacy law. Bill C-11, entitled...
Accepting ACH payments is often a must for companies across verticals and business models. While often described as a legacy payment rail, it's a tried-and-true method of moving money that's often...
One of the most important considerations for any organization migrating workloads and applications to the cloud is ensuring that the cloud infrastructure they build on is secure. For many...
In a major break from the Payment Card Industry security standards playbook, merchants and service providers using newer technologies would have the opportunity to rewrite network operation and...
In the movement to give consumers more control over their personal data, Canada has been a pioneer. Its first data privacy regulation, the Personal Information Protection and Electronic Documents...
Consumers, businesses, and entire systems all over the world are under threat on a daily basis. Valuable personal and financial information is exposed and ready for the taking. Simple tasks like...
With businesses embracing remote work as the new norm, a long-term IAM (identity and access management) strategy to support a remote workforce is now a top priority. Even for businesses that offered...
2020 presented us with many surprises, but the world of data privacy somewhat bucked the trend. Many industry verticals suffered losses, uncertainty and closures, but the protection of individuals...
Your brand is a valuable asset, but it’s also a great attack vector. Threat actors exploit the public’s trust of your brand when they phish under your name or when they counterfeit your products. The...
According to our recent Cybersecurity Study,Canadians recognize the need to be extra vigilant in guarding against cybersecurity threats that have become more pronounced as a result of COVID-19, but...
It is a common feeling in the cybersecurity community that CISOs do not sleep well at night. CISOs worry about the latest incident, end of life technology in their environment, breaches in the news,...
In the next two years, it is likely organizations across Canada will become subject to more detailed and more stringent privacy laws. When the change comes, many businesses – having benefited from a...
CONNECTING EVERY POSSIBLE device in our lives to the internet has always represented a security risk. But that risk is far more pronounced when it involves a smartwatch strapped to your child's...
Sitting in the midst of an unstable economy, a continued public health emergency, and facing an uptick in successful cyber attacks, CISOs find themselves needing to enhance their cybersecurity...
Cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are...
On June 12, 2020, the Québec government proposed a significant overhaul of its current privacy laws through the introduction of the highly anticipated Bill 64, An Act to Modernize Legislative...
The short answer is yes, they are. Apps always ask for permission to look at this or that on your phone. But what happens to the data they acquire? And who, exactly, gets to see that data? The story...
PCI DSS is the data security standard for the payment card industry and is maintained by the PCI Security Standards Council (PCI SSC). This standard is presented as the minimum criteria merchants...
As the world continues to focus on the ongoing effects of COVID-19 and plan for a recovery, many have noticed a seismic shift in Canada’s privacy laws. In addition to the Competition Bureau of Canada...
If anyone doubts the financial or business importance of developing an effective privacy strategy, even a brief look at to Cisco 2019 Consumer Privacy Survey for 2020, published in January shows that...
Historically, user data privacy has been considered largely a legal or security concern, and not prioritized until an unfortunate breach or leak. In the not-so-distant past, engineers would often...
WHEN LAW ENFORCEMENT arrested three alleged young hackers in the US and the UK last month, the story of the worst-known hack of Twitter's systems seemed to have drawn to a tidy close. But in fact,...
The demand for cloud computing has skyrocketed in recent years. Lower costs, a faster time to market, increased employee productivity, scalability, and flexibility are some of the beneficial factors...
Medical records command a high value on the dark web due to the large amount of personal information they hold. Cybercriminals can sell stolen healthcare data for a massive profit, up to $1,000 for...
.svg){kind=small}
