The importance of PCI Forensic Investigator Certification, and what this means for the cybersecurity industry and today’s businesses

By Kevin Pierce, Chief Operating Officer, VikingCloud

As data breach costs hit record highs, Kevin Pierce, Chief Operating Officer of VikingCloud, a leading provider of cybersecurity and compliance solutions, explains the importance of PCI Forensic Investigator Certification, when to engage the services of a PCI Forensic Investigator, and what happens next.

From malware and ransomware to viruses and phishing, data breaches are on the rise and represent an increasing cost for businesses of all sizes. According to IBM’s 2022 Cost of a Data Breach Report, in 2022, the most common initial attack vectors were compromised credentials at 19% of breaches and phishing at 16% of breaches.  On average, the costliest initial attack vector was phishing at USD 4.91 million, followed by business email compromise at USD 4.89 million.

Even small businesses hold large volumes of valuable customer data, and if they work with larger companies, create an entry point for a bigger attack. 

Unfortunately, even businesses that are aware of data security threats can fall prey to them, and although businesses can be the victim of cybersecurity crime, they can also be held responsible for a failure to safeguard sensitive customer information. This can incur civil liability if reasonable, precautionary measures for protection were not implemented, or there was a failure to respond in a timely and cooperative manner following a breach.

An inadequate response to a data breach can also have long-term consequences that can be even more costly, such as loss of trust and diminished reputation.

In the unfortunate event of a security breach or data compromise, an in-depth forensic investigation will provide valuable evidence and insights that can help to minimise the impact of the breach and also prevent future data breaches. 

What is a PCI Forensic Investigator?

PCI Forensic Investigators (PFIs) are highly trained independent incident response experts certified by the Payment Card Industry Security Standards Council (PCI SSC) and approved by the card brands to perform forensics investigations on security incidents that impact Cardholder Data Environments (CDEs). The goal of the investigator is to determine the existence of a payment cardholder data breach, the facts and circumstances of when and how it may have occurred and that there is no longer an active breach.

Any business that works with or accepts payment cards, may be required to hire a PFI in the event of a cyber security breach.

The importance of PCI Forensic Investigator Certification

Working with a certified PFI can help you determine whether a breach of cardholder data occurred, what information was compromised, and how it happened. When looking for a PFI, engaging a firm that holds PCI Forensic Investigator Certification will give you peace of mind that they are authorised to review the outcome of a customer data breach investigation, and that they use processes and methodology around forensic investigations that meet the required standards.

When to engage the services of a PCI Forensic Investigator

Preparing for an incident and having specialised responders ready immediately can save a compromised organisation time and money. It currently takes an average of 287 days to identify a data breach and the average per record (per capita) cost of a data breach increased by 10.3% from 2020 to 2021.

The faster a company remediates a data security breach, the faster it stops the loss of data and financial information. The moment cyber attackers are in your network, the more time they have to steal personal information on you and your customers, credit card data, and funds from your financial accounts. So as soon as you suspect your network has been breached, you should contact a PFI. 

What happens next

A PCI Forensic Investigation aims to stop the breach as quickly as possible to prevent further damage, while getting the required investigation completed. 

The first step is to determine the scope of the affected environment and collect evidence. Based on this evidence, a preliminary report is created and forensic analyses conducted.

The next step is to build a containment strategy and verify the containment, before producing a final report. The whole process can vary in length and complexity according to the company and situation.

Why it matters

Firstly, it matters to your reputation. The payment card industry requires any business that retains cardholder data to adhere to self-regulated PCI Data Security Standards, and there is an expectation that thorough investigations will be carried out in the event of a data breach. 

Obviously, it also matters to your bottom line. In 2021, large organisations of 10,000-25,000 employees hit by a data breach paid an average cost of $5.52 million per attack. Companies with less than 500 employees have also seen an increase, from $2.35 million per attack in 2020 to $2.98 million in 2021, representing a 26.8% increase. 

While preventative steps are crucial in avoiding the costs of potential breaches, the services of a certified PFI are equally important when those breaches occur.

In October, The Payment Card Industry Security Standards Council (PCI SSC) certified VikingCloud as a PCI Forensic Investigator (PFI) Company for North America, authorising us to review the outcome of a customer data breach investigation, and recognising that our process and methodology around forensic investigations go above and beyond the minimal requirements. If businesses suspect a data breach, get in touch with a certified expert like VikingCloud without delay. The results of an investigation are the best way to help prevent future breaches, safeguarding both your bottom line and your reputation.

As VikingCloud’s Chief Operating Officer, Kevin leads global product development, service delivery, QSA consulting, and managed security testing. Viking Cloud is a 900+ employee, global cybersecurity organization that is transforming how customers approach cyber-defense through managed security, testing, and assessment services. With almost 30 years in the technology space, Kevin has designed and built highly scalable cloud systems for secure data exchange, supply chain optimization, and cybersecurity in multiple industries. He also co-founded two technology companies that each grew to hundred-million-dollar enterprises prior to his exit. Kevin’s current focus is on leveraging machine learning and artificial intelligence to deliver next-generation cybersecurity solutions across industry verticals. Kevin holds a master’s degree in Business Administration, studied in various Executive Programs at Oxford University and Harvard University, and is a Six Sigma Blackbelt.

About VikingCloud:
VikingCloud provides end-to-end security and compliance solutions to businesses around the world, offering the latest in cloud-based solutions to secure networks and maintain compliance. Almost 5 million businesses use their award-winning platform, and the company maintains partnerships with many of the world’s leading acquirers and payment service providers.
VikingCloud also works with the world’s largest brands helping them proactively mitigate evolving cyber threats and business risk. The Asgard Platform™ processes billions of security events daily, providing real-time intelligence access to an organization’s cyber risk landscape. Headquartered in Dublin, Ireland, with operations in the United States, Australia, Brazil, Canada, Germany, India, Mexico, Philippines, Poland, South Africa, and the United Kingdom. 

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.