BLOG HOME > Cybersecurity > Top 5 Cybersecurity and PCI Compliance Blogs of 2020

Top 5 Cybersecurity and PCI Compliance Blogs of 2020

At SecurityMetrics, our mission remains to help you close data security and compliance gaps to avoid data breaches–not just with security tools, but through testing, managed security, threat intelligence, and 24/7 live support. 

As part of that mission, we’ve put together some of our most helpful blogs from last year. Here are our top 5 blogs from 2020 to help you review and plan your cybersecurity:

1. What is a Managed Firewall and Do You Need one? 

This post covers how managed firewalls and other services fit into managed security offerings. Security Analyst Todd Hovorka (CISSP, CISA, QSA, PFI) recounts the top firewall issues that he and other SecurityMetrics security analysts see in the field and reveals that firewall misconfigurations and security gaps are the rule, rather than the exception. In fact, many breaches at large restaurants and retailers have originated from a firewall misconfiguration allowing outside traffic through.

Companies that don't have the personnel resources available to manage their firewall or other security devices can close data security gaps and better prevent data breaches by using a managed firewall service. 

SecurityMetrics Pulse Helps You Manage Threats

Start Here

2. Recap: SecurityMetrics’ 2020 Virtual Cybersecurity and Compliance Summit

As hackers adjusted their tactics in the wake of the COVID crisis, so did the cybersecurity and payments industry. Communication and education are key to protecting data, so security and compliance organizations worked to bring trade shows and forums online

SecurityMetrics created Summit, a virtual conference, to fill knowledge gaps and help businesses understand the latest technology innovations in cybersecurity and compliance. Security Analysts, PCI Program Managers, Executives, Pen Testers, and Product Experts covered topics from data privacy (GDPR, CCPA) to COVID cyber threats, PCI compliance to e-commerce skimming attacks.

This blog covers the top moments, quotes, and lessons from Summit 2020. Access all Summit sessions and content here. 

3. How to Prevent Formjacking and E-Commerce Skimming (Magecart Attacks)

The online payments ecosystem is plagued by formjacking attacks that siphon credit card data and other protected information from shopping cart pages. SecurityMetrics’ Shopping Cart Monitor, powered by WIM technology is a patented product that detects and stops these skimming attacks on ecommerce websites.

This post is based on an episode of the SecurityMetrics Podcast with Host Jen Stone (MCIS, CISSP, CISA, QSA) and guest Aaron Willis (PFI, CISSP, QSA). They discuss the issue of formjacking, why current security methods don’t work, and how you can stop these attacks.

Have an Upcoming PCI Audit Deadline?

Request a Quote Here

4. PCI Assessment FAQs

After nearly two decades in the data security industry, we’ve gained valuable insights—particularly when it comes to complying with the Payment Card Industry Data Security Standard (PCI DSS). To address some of the most common questions we receive about PCI assessments, we sat down with Lee Pierce, Sales Operations Director and a PCI assessment expert with over 15 years in the industry.

This post covers questions like “How much does a PCI Assessment cost?,” “Who can self assess for PCI compliance?,” and “What if I don’t pass my PCI Assessment?”

Watch all PCI DSS Assessment FAQs.

5. Penetration Testing FAQs

Did your business get a penetration test in 2020? Whether you need one for a PCI compliance requirement or because of a security incident, the process can seem overwhelming. This post outlines the penetration testing process in detail and answers some of the most frequently asked questions related to this important security test. 

Download the Interactive Pentest Timeline.

Learn if and why you need a penetration test, how to prepare for one, as well as the different types of penetration tests. Also find out how much a pentest costs and how to know if your penetration testing company is truly qualified or is a scam. 

Join Thousands of Security Professionals and Subscribe