Malware is an ever-present, if sometimes forgotten, threat to our IT systems. We tend to think that anti-malware and other security measures have effectively blocked out the threats of old worms and viruses. The real threat is against network and application security. However, hackers always look to launch malware into compromised systems to listen, learn, and steal information.
The fifth requirement of PCI DSS 4.0 is all about protection against malware. IT systems handling PAN or other cardholder information must have specific anti-malware security measures to mitigate these threats and ensure that they haven’t made their way into protected system resources.