Many media observers have called both 2013 and 2014 “the year of the data breach.” In 2013, much of the focus of malware attacks was on individuals. Attacks such as the ransomware CryptoLocker held users’ data hostage and attempted to extract a fee from affected individuals. In 2014, however, many of the attacks impacted a wide range of targets, from individuals to small, medium and large businesses. For example, the ShellShock bug often first breached Web servers and then spread onto other devices connected to the network, enabling it to steal personal data.
This white paper provides an overview of foundational compliance requirements, including those for PCI and the Health Insurance Portability and Accountability Act (HIPAA). It is important to consider that, while differences emerge among specific compliance mandates, many of the common mistakes and challenges associated with each will apply to all compliance efforts.