stephen
Security Industry Writer. I like to share information related to the InfoSec industry. I am an avid reader of VISTA InfoSec’s blog.

stephen 2021-11-09

Online gaming is a sector often considered as a “winner” during the pandemic because it was spared from significant upheaval and actually experienced a lot of growth.

However, a report called ‘Gaming in a Pandemic’ reveals that the cyber attack traffic targeting the video game industry also grew more than any other industry during the peak of COVID-19.

According to the report, the video game industry suffered more than 240 million web application attacks in 2020, presenting a 340% increase from 2019. As players engage in microtransactions to get virtual in-game items, gaming accounts are often connected to credit cards and payment processors like PayPal, which present a lucrative opportunity for bad actors.

Cybercriminals who target gamers often belong to informal structures that can emulate the efficiencies of standard enterprise operations.

This means it’s not just a cybersecurity problem exclusive to gaming; these malicious actors have the resources to attack other individuals and businesses.

Here are three ways online gaming can pose major cybersecurity challenges:

stephen 2021-10-25

Growing incidents of unethical financial practices and the increased risk of unauthorized corporate and financial disclosure in the industry were the driving factors behind the establishment of SOX Compliance.

Today, achieving SOX compliance is seen as an industry best financial practice for maintaining a good data security standard. The Act was introduced to bring in a major reform in the security and governance of financial disclosure and further gain public trust and confidence over an organization’s auditing and financial reporting.

The standard aims to govern the financial operations, disclosures, and contracted financial services against any unethical practice.

Elaborating on the requirements of SOX compliance, we have shared some tips that can help organizations like you achieve compliance.

But before heading straight to the compliance process, let us first learn a bit more about SOX Compliance. The Sarbanes-Oxley Act, also popularly known as SOX Compliance, is a standard that protects clients and stakeholders from fraudulent financial activities and disclosures.

The SOX Act outlines compliance requirements for organizations to adhere to and ensure secure business practices. The objective behind enforcing SOX compliance is to improve the accuracy and reliability of financial activities and the corporate disclosures.

stephen 2021-10-14

Online security has become a necessity over the recent years.

While 20 years ago people were aware that there were dangers on the internet, cyber threats were not so common.

They were more like vague ideas that happen to big companies and that we hear about on the news than something that happens to ordinary people.

But the reality has changed.

The internet has become a part of our daily lives and we are spending more and more of our time in the digital world. As our online presence has increased, so has the level of cyber threats.

Now, not only do we hear about cyber-attacks daily, but most of us have experienced some type of cyber threat in our life.

stephen 2021-09-16

Data Protection Impact Assessment is a mandate under the GDPR Regulation.

Organizations are required to conduct a DPIA annually to evaluate their risk exposure and the impact it may have on sensitive data.

DPIA is an important part of an organization’s cyber security and privacy program.

However, not all organizations are required to conduct a DPIA assessment.

Only organizations that are believed to process data in a way that may result in a high risk to the rights or freedoms of data subjects are required to conduct a DPIA.

So, for a better understanding of what kind of processing activity is considered risky and requires DPIA, we have today shared some general rules and specifications outlined in the GDPR Regulation about conducting DPIA in an organization.

stephen 2021-11-05

Integrating ISO27701 in PIMS to Improve Data Privacy. Organizations are constantly looking to improve their data privacy programs amid the increasing demand and growing concerns regarding the privacy of data.

PIMS is an effective approach towards ensuring the privacy and security of personal data.

It helps organizations manage personal data in line with consumer expectations and in compliance with various regulations, standards, and data privacy requirements. So, one way organizations can look to implement PIMS is by adopting the ISO27701 Standard, which is the first International Standard for Privacy Information Management.

Explaining the benefits of integrating ISO27701 and PIMS in detail, VISTA InfoSec is conducting an informative webinar on “Integrating ISO27701 in PIMS to Improve Data Privacy”. The webinar will be a live and interactive session, wherein you can participate and learn about the standard and techniques of achieving compliance with various data privacy regulations.

The forum will be open for queries where you can clear your doubts about the standard.

Learn about the international standard and techniques to improve Data Privacy with our in-house expert - Mr. Narendra Sahoo (PCI QSA, PCI QPA, PCI SSFA, CISSP, CISA, CRISC) the Founder and Director of VISTA InfoSec.

stephen 2021-10-23

Scoping is the first step to gaining or maintaining PCI DSS compliance, and effective scope reduction can reduce the time and cost of becoming compliant.

Reducing scope is of prime importance in PCI DSS: not only does it save audit cost, it helps organisations save time and money in managing compliance and technologies and, more importantly, reduces liability in case of a breach. This free webinar provides step-by-step guidance on scoping the CDE and identifying areas where processes or technologies can be consolidated.

This includes gathering information, defining a perimeter and analysing data flow. Simplify the certification process by joining our ace QSA, Narendra Sahoo, to understand:

• The importance of determining the system components, people and processes to be included in the scope;
• How to create an accurate data flow diagram to map the movement of cardholder data;
• What to include when mapping the IT infrastructure and external connections; and
• Five effective methods to reduce the scope.

Whether your organisation comes under PCI DSS or not, join us to further your knowledge of the card payment ecosystem. Watch this video.

stephen 2021-10-01

Saudi Arabia ranks among the top few countries in the world that are known to take their cybersecurity programs very seriously.

Committed to building a safe haven for businesses in the country, the National Cybersecurity Authority (NCA) of Saudi Arabia introduced the Essential Cybersecurity Controls Compliance Programs.

Taking into account the best Cybersecurity practices globally, analyzing the major Cybersecurity incidents prevailing in the country, and also considering the opinions of various prominent businesses, the NCA developed a well-articulated and comprehensive ECC Compliance program.

With the enforcement and mandate of complying with the standard, all the government organizations in the Kingdom of Saudi Arabia are required to strategically adhere to the outlined framework.

Dissecting the framework and explaining the ECC framework in detail, VISTA InfoSec is conducting an informative webinar on “NCA ECC Compliance - What you Need to Know?” for the benefit of our viewers and businesses in Saudi Arabia.

We will be conducting a live and interactive session, wherein any individuals can participate and learn about the standard and ways to achieve compliance.

stephen 2021-09-13

The National Cybersecurity Authority (NCA) published the Essential Cybersecurity Controls framework to help government organizations protect their systems, networks, and data against cyber threats.

The regulations and guidelines mandate a common approach to information security across public sector organizations, third parties involved, and private companies responsible for critical national infrastructure, to help maintain a high level of security and confidentiality across the industry. The regulation requires organizations not only to implement security measures as per the guidelines but also to maintain documentation and evidence of implementing the security safeguards.

Let us take a look at some of the documents and evidence requirements for NCA ECC Compliance.

The list below can work as a checklist for your organization to consider when complying with NCA ECC Compliance.

stephen 2021-10-28

In the current data-driven world of business, ensuring data privacy and management is paramount.

Increasing demand for transparency and concerns regarding securing the privacy of data has pressured regulatory bodies around the globe to establish data privacy regulations and standards.

Data Privacy laws such as the GDPR and CCPA have made Data Privacy the sole responsibility of the organizations processing the data.

This has pushed organizations to implement effective Data Privacy Management Systems that help in securing the personal data of consumers.

PIMS is a new and effective approach towards ensuring more control and security over personal data.

PIMS helps organizations manage personal data in line with consumer expectations and compliance with various regulations, standards, and data privacy requirements.

stephen 2021-10-23

The Health Insurance Portability and Accountability Act which is also known as HIPAA is an important law affecting the healthcare industry in the US.

Introduced in the year 1996, the legislation was earlier established to help employees with their health insurance coverage during the time frame between two jobs.

It also required healthcare organizations to implement controls to secure patient data against healthcare fraud.

However, over the years the legislation evolved and eventually focused on protecting the privacy of patients’ data.

Today, HIPAA is best known for protecting the privacy of patient data by appropriately implementing the necessary security requirements outlined in the regulation.

This would include implementing the HIPAA Security Rule, Privacy Rule, Breach Notification Rule, and Omnibus Rule. The purpose of the HIPAA Rules is to limit access, restrict disclosure, protect Patient Health Information (PHI), and notify the authorities and the people affected by incidents of a data breach.

stephen 2021-09-24

Assessing the maturity level of an organization’s Cyber Security program is crucial for business.

This is because the evaluation process helps the organization determine the areas of improvement.

This further enables them to embed strong security policies and controls in their work culture and processes. In Saudi Arabia, Member Organizations who fall in the scope of the SAMA Cyber Security Framework are required to determine and measure their maturity levels against the Cyber Security Maturity Model outlined in the Cyber Security Framework.

Explaining this in detail, we have today covered an article that will help you understand the Security Maturity Model outlined by SAMA.

stephen 2021-09-07

An industry that is digitally driven requires cybersecurity to be its top-most priority.

Cybersecurity plays a key role in ensuring the security of an organization’s IT infrastructure and the safety of sensitive data against incidents of breach.

Cybercrimes prevailing in the industry often have a huge impact on business, leaving behind legal implications, scarred reputation, and heavy financial losses.

While regulators around the world have been working towards building strong security measures, it is the organizations themselves that need to step up their game and build strong cybersecurity measures against various cyber threats.

That said, witnessing the urgent need for adopting the best and proven cybersecurity measures, Saudi Arabia’s National Cybersecurity Authority (NCA) issued an industry best practice for businesses to adopt in the region.

In 2018, NCA introduced the Essential Cybersecurity Controls (ECC) as a minimum cybersecurity requirement for organizations in Saudi Arabia.

stephen 2021-10-27

In the wake of growing cybercrimes, the National Cybersecurity Authority of Saudi Arabia developed and enforced the Essential Cybersecurity Controls (ECC) Framework to improve the cybersecurity defense in the region.

Taking into account various international standards and industry best practices, the ECC compliance was developed to protect the interests, national security, critical infrastructure, of businesses and government institutes in the country.

Explaining the regulation in detail, VISTA InfoSec conducted a live webinar on “NCA ECC - What You Need to Know?”. Watch this video:

stephen 2021-10-22

Firewalls form the foundation of network security for any organization to secure its critical IT infrastructure against any cyber threats online.

So, firewalls are a critical part of an organization’s cybersecurity program.

PCI Council also mandates the need for implementing firewalls to organizations dealing with sensitive cardholder data online. The PCI DSS Compliance outlines in its 12 requirements the need for implementing firewalls to secure systems and networks against cyber threats online.

Elaborating on the firewall requirements in detail, we have shared an illustrative blog describing the firewall requirements of PCI DSS and what an organization is expected to do to comply with the requirements.

stephen 2021-09-20

Cloud technology has experienced extraordinary growth in the recent years, with major firms like Amazon and Microsoft investing heavily in cutting-edge solutions.

As a result, IT teams can now manage their infrastructure considerably more easily, thanks to platforms like AWS (Amazon Web Services).

Naturally, this has posed additional problems and necessitated the use of AWS security.

Moreover, now, support experts no longer physically install hardware or update the RAM of a server.

Instead, users may change the setup parameters using an online interface.  

stephen 2021-09-02

PCI SSF is a fairly new standard introduced in the online payment industry.

It is soon to be enforced, replacing PA DSS this year.

However, most organizations are skeptical about the transition phase and confused about the application and compliance process.

So, for the benefit of these organizations, our clients, and viewers, we at VISTA InfoSec conducted a live webinar session to clear out all the doubts and queries.

While we already covered one session of Part I- PCI SSF New Security Approach to Modern Payment that covered details on the new PCI SSF program, the recent webinar Part II- PCI SSF New Security Approach to Modern Payment, was more about the transition phase from PA DSS to PCI SSF and best practices for the preparation of the new standard.

The live webinar was conducted with Mr. Narendra Sahoo (PCI QSA, PCI QPA, PCI SSFA, CISSP, CISA, CRISC, ISO27001 LA Industry), Founder & Director of VISTA InfoSec, and the industry expert Mr. Nitin Bhatnagar, Associate Director at PCI Security Standards Council.
