As more companies increase their cloud presence, allow their workforce to work remotely, and expand their threat surface, security professionals and cybersecurity frameworks must constantly up their game and mount successful countermeasures so that they do not fall victim to the ever-increasing threat. Many sectors and industries are under the scrutiny of the Payment Card Industry Security Standards Council (PCI SSC), a global forum of payments industry leaders that develops and drives adoption of data security standards and resources for safe payments worldwide. Even if they aren’t, businesses can take advantage of measuring the security controls that the PCI data security standard helps to enforce. For a good part of my IT security career, I have been a strong advocate of the PCI SSC and their efforts to eliminate security threats to payment card data across affected industries, and to help non-affected industries develop baselines to measure their security posture.
My colleagues and I are excited to announce that Cybersixgill has recently become the first actively contributing cyber intelligence company to align with the PCI SSC as a participating organization. Together, we will continue a positive trend of helping companies enrich their cybersecurity posture and accelerate the prioritization of their systems gaps using the PCI DSS as a baseline of measure.
I am often asked by customers and partners in the industry why Cybersixgill chose to align so closely with PCI’s data security standards. I thought I’d answer those questions and hopefully add some clarity to our association, membership, and alignment with the PCI SSC in helping organizations navigate the threat-scape.
Why is Cybersixgill a Participating Organization (PO) with the PCI SSC?
Cybersixgill’s strategy from the very beginning was to recognize and advocate for groups within the cybersecurity community that help promote and develop better data security frameworks as well as how to measure the risk to that data. We recognized the guidance of the PCI DSS as leading in the development of best practices and data security baselines that provide critical guidance to the marketplace and our customers. From the moment that we established the GRC program at Cybersixgill, alignment with the PCI DSS has been a mandatory component in our strategy as it encourages the convergence and synergy between cybersecurity and regulatory security mandates.
Being in tune with the trends and changes with the PCI SSC is an essential component needed to ensure Cybersixgill is well positioned to provide influence and input into the frameworks that the marketplace turns to when solving security problems as well as better protecting their enterprise. Additionally, we have trained advocates for PCI consisting of PCIPs and former assessors, and formulated a department whose sole purpose is to nurture and develop our compliance strategy as it pertains to the PCI DSS.
What value does Cybersixgill realize from its PO membership?
There are many benefits that Cybersixgill values in our PO membership. One of the greatest is being better connected with our marketplace and customers. Being a PO instantly demonstrates to customers that we are committed to being thought leaders within our industry and are serious about standing by our founding mission of enriching cybersecurity posture, while reducing the noise associated with analyzing and stopping cyberattacks.
With that, customers look to us to provide ongoing advice and consultation on security issues. Many of our customers across verticals such as retail, healthcare, finance, hospitality, and services also need to deal with PCI and other regulations, attempting to balance the efforts to align with the standards.
Being a PO demonstrates that we take data protection seriously and advocate for institutions that promote positive, proactive data security hygiene. Our customers understand that we are interested in investing not only in winning their business but being an active, involved member of their specific cyber community. Belonging and actively contributing to the PCI community goes a long way for Cybersixgill and the development of our solutions.
Common questions from the payment industry, such as if and why we are a PO?
We are often asked by others across the industry if and why we are a PO. Aside from all the obvious benefits, such as understanding the customer’s pain points and obligations regarding PCI, and aligning our solutions to benefit ongoing, continuous PCI compliance, we like to focus on some of the less obvious but longer-term benefits.
One of the key benefits is the ability to get involved with a larger community that has been built on sharing solutions around a common goal. There is an element of trust within the PCI community where fellow members help each other learn and win the cybersecurity and data security challenges we all face. Anyone who has been to a PCI community meeting will know how collaborative and open people are. Having this type of access helps tremendously in shaping our strategy at Cybersixgill, and we are always learning from the open conversations with other POs.
How does Cybersixgill take advantage of the benefits of being a PO?
One PO benefit that we do not take lightly is how we are able to help hundreds of PCI member organizations learn about trends in the data security market. We look forward to having a big presence at the community meetings in the fall by taking advantage of the many levels of attendance and options, and getting involved in upcoming live and in-person events.
Getting an advanced review of the standards and supplements will be a critical part of our go-to-market strategy and product development. We will provide feedback and ensure that our solutions are in line with the newest versions of the standards that we help with.
Our industry is moving at light speed, and Cybersixgill is delivering a new generation of security solutions for data protection and compliance. We are developing and providing industry-leading solutions at the same time the market opportunity is growing and changing rapidly.
While addressing our extended market, we also continue to expand our strategy as it pertains to common baseline security frameworks, standards, and best practices, while aligning closely across those areas to ensure coverage with the PCI SSC, the DSS, and the PCI communities. Being a PO and having extended visibility to all facets of PCI and our industry has allowed us to remain at the top of our game in the regulatory community and ensure maximum coverage on Cybersixgill’s presence across all tiers.