In 2022, Twitter suffered a massive data breach, which exposed the personal data of 5.4 million caused by broken authentication. Threat actors exploited Twitter's API vulnerability to gain unauthorized access to users' sensitive personal data. The incident resulted in reputational loss and hefty fines from the regulatory body for failing to protect users' data. This shows that no organization, regardless of size, is immune to data breaches.

In my previous blog post, we saw how the growth of generative AI and Large Language Models has created a new set of challenges and threats to cybersecurity. However, it’s not just new issues that we need to be concerned about. The scope and capabilities of this technology and the volume of the components that it handles can exacerbate existing cybersecurity challenges. That’s because LLMs are deployed globally, and their impact is widespread.

In 2017, Equifax, a major American credit bureau, became a cautionary tale in the importance of robust cybersecurity practices. It overlooked critical vulnerabilities in its systems, failing to address a known security flaw in its Apache Struts web app framework. This oversight resulted in the data leak of 143 million customers, costing Equifax $1.38 billion in making breach compensations and upgrading its IT systems.

While working towards a mission of building better, more secure mobile applications, the Open Web Application Security Project (OWASP) has spearheaded this effort with the Mobile Application Security Verification Standard (MASVS) and the Mobile Application Security Testing Guide (MASTG). These invaluable resources provide a comprehensive framework for safeguarding your mobile apps, ensuring trust, and protecting user data.

Digital twins are often associated with manufacturing, where a virtual replica mimics the workings of a complex physical system, such as a jet engine or a machine on a production line. But increasingly, there is interest from enterprises, telecom companies, and cloud providers in applying the technology to networks.

Cybercrime is a growing problem for higher education. Between 2020 and 2021, cyberattacks targeting the education sector increased by 75%. In line with other industries, the education sector is also experiencing a dramatic increase in ransomware attacks. According to the 2022 Verizon Data Breach Investigations Report, 30% of data breaches in the industry were attributed to ransomware attacks.

In our last discussion, we explored the evolution of Requirement 1 in the transition from PCI DSS v3.2.1 to v4.0, with a particular emphasis on the move towards ‘network security controls’. As we continue our exploration of the updated PCI DSS v4.0, today’s focus will be on the transformations in Requirement 2.

This is part three of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog.