New PoSeidon Adventure is a POS Malware Threat to Retailers

New malware program PoSeidon targets retail POS credit card terminals. Lazarus Alliance QSA services protect clients against it.

The stunning reality is that the majority of retailers accepting credit cards are still vulnerable to the newest threat to card acceptance. Lazarus Alliance has been years ahead with proactive cyber security services.

Researchers from the Cisco Security Solutions team have dubbed the latest malware to attack point-of-sale (POS) systems PoSeidon. Once a POS system is compromised, the malware scans the RAM of the infected terminal. PoSeidon looks for unencrypted credit card data and then transmits that data to an exfiltration server controlled by the cyber criminals.


This technique has long been known to security experts. The Proactive Cyber Security™ services at Lazarus Alliance have been years ahead of this issue, offering companies that use POS systems solutions that ensure this memory-scraping technique does not compromise the payment process.

William Ochs, GRC Partner of Lazarus Alliance, said, “Not only has Lazarus Alliance long called for end-to-end encryption technology to be utilized to mitigate the risk posed by POS threats, but Lazarus Alliance also has a proven track record of offering actual solutions to implement end-to-end encryption protecting retailers globally.”

As long as organizations remain reactive instead of proactive in their approach to cyber security, they will continue to fail the constituents they work to protect. The PoSeidon POS malware program is another example in a daunting list of the challenges that face organizations concerned with their PCI DSS stance.

As a PCI DSS audit Qualified Security Assessor (QSA) company, Lazarus Alliance has been approved by the PCI Security Standards Council (SSC) to measure an organization’s compliance to the PCI DSS audit standard. Lazarus Alliance specializes in providing our clients with scalable, efficient solutions for meeting the rigorous demands of Payment Card Industry (PCI) compliance. We do this in part because of our breakthrough proprietary technologies called the IT Audit Machine (ITAM) and the Policy Machine.

“It’s incumbent upon security professionals to proactively advocate for best practices in cyber security, risk and compliance; too often, the opposite occurs in the industry,” said Ochs.

Learn more about Lazarus Alliance and why Lazarus Alliance is Proactive Cyber Security™!

Proactive vs Reactive Cyber Security on Money Radio

Recently Michael Peters, CEO of Lazarus Alliance, spent time with David Cogan of Money Radio and eLiances discussing the differences between proactive cyber security and reactive cyber security. You can replay the broadcast as heard on Money Radio.

Michael Peters and David Cogan as heard on Money Radio

The discussion opened with a question: when you think of cyber security, what comes to your mind first?

I’ve posed that question to many an audience over the years, and most frequently the response is what folks see on the nightly news or through some news source. Recently people will respond with examples such as Home Depot, Target, Sony, JP Morgan and the European Central Bank, which of course are just a few of the most notable instances of breaches we have seen in the news over the last twelve months.

I point out to these same groups that in reality, there are only two forms of cyber security: Proactive Cyber Security and Reactive Cyber Security. I’ll explain what that means and let’s see if you agree.

Reactive Cyber Security situations are going to be in the news because something bad has happened. Reactive security companies help you clean up the mess. When you become aware of a cyber security breach at some company, it’s probably because you are watching the business catastrophe unfolding through some syndication source. You eventually get a notification by the company, your bank or credit card provider informing you that your private and personal information has been stolen which leaves you to worry and watch hoping that nothing bad happens to you.

From a business standpoint, it has become painfully obvious at all levels including shareholders that cyber breaches have a really negative impact on business value not to mention careers of everyone involved especially at the highest levels of the company. We have all seen for the first time in 2014 CEOs, CIOs and CISOs losing their jobs as a direct result of culpability or negligence on their part.

No doubt about it, cyber security breaches have a hugely negative impact on the financial health and reputation of the victim company.

So this brings me to the second form of cyber security which is proactive cyber security. Proactive Cyber Security is all about keeping you out of the news by implementing the right controls and countermeasures. We know it’s not enough for the government or the private sector to have rules and regulations. PCI DSS certification did not save Target, Home Depot or other retailers. The FFIEC or the NIST Framework for Improving Critical Infrastructure Cybersecurity did not save JP Morgan or other financial institutions from their breaches.

You need qualified assistance to make it effective. It’s tough when there are not enough talented cyber security professionals to go around. Businesses are short-staffed. Academia is not training and educating enough to keep up with the demand.

The best possible course of action to avoid being the latest corporate cyber security breach is to take a proactive approach. I’m the CEO and Lazarus Alliance is Proactive Cyber Security™.

Be sure to check out the dynamic group of hybrid entrepreneurs who spend time together at eLiances where entrepreneurs align hosted by David Cogan.

Michael Peters and David Cogan of eLiances

Thank you to Money Radio for inviting me to discuss the differences between Proactive and Reactive Cyber Security.


Lazarus Alliance PCI QSA Services


From PCI DSS Audit to IT Security Consulting, the experts at Lazarus Alliance provide a variety of services to fulfill your audit needs.

The professionals at Lazarus Alliance are completely committed to you and your business success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organization. Our competition may want to keep you and your employees in the dark where security, risk, privacy and governance are concerned, hoping to conceal their methodology and expertise. We don’t subscribe to that philosophy. We believe the best approach is transparent and built on a partnership developed on trust and credibility.

Lazarus Alliance’s primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence – in any jurisdiction. Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law and compliance leadership solutions and is fully dedicated to global success in these disciplines.

Once a company has made the decision to enlist a third party to provide a service, it wants assurances that those services will be provided timely, accurately, and securely. A PCI DSS audit shows your commitment to maintaining a sound control environment that protects your clients’ data and confidential information.
