Good post. I had to help a restaurant chain with PCI compliance years ago when I was working in managed service. It feels crazy that PCI-DSS is this far behind on this area. Reminds me of how years ago cyber defenses were all about defending the perimeter. Now it's far easier, and much better ROI, for attackers to compromise a user through social engineering and perimeter defenses are not even on the playing field.
Well put! I worked with many restaurant chains back when I was a QSA.