Keeping You PCI Compliant — Malwarebytes Security Software Proactively Protects Customer Information & Brand Reputation
12.12.16 Cyber Security

Keeping You PCI Compliant — Malwarebytes Security Software Proactively Protects Customer Information & Brand Reputation

By: Adam West

The Crunch: Brand reputations and customer data are on the line when breaches occur, which is why Malwarebytes responded by developing software that stops harmful malware and ransomware attacks. Already well-known around the world for its popular anti-malware software, businesses receive added layers of protection when using Malwarebytes Endpoint Security. Merchants rely on accepting credit card payments to stay profitable, but they must first meet the requirements — including maintaining a vulnerability management program — to become Payment Card Industry certified. Deploying Malwarebytes helps clients meet this PCI prerequisite and provides businesses with the comfort of knowing they have software that takes a proactive approach to preventing malicious attacks.

When Marcin Kleczynski was 14 years old, he found himself in a precarious position. Despite having anti-virus software installed, his mother’s new computer became infected with malware when he downloaded a video game. Suddenly, his mom’s PC was completely unusable.

The tech-savvy teenager was forced to get creative to avoid his mother’s wrath and spent three days scouring forums and message boards seeking a fix, eventually creating his own solution. After all the work to find a fix, the need for a better malware cleaner became clear to him.

A few years later while studying at the University of Illinois, Marcin turned that experience with his mother’s computer into Malwarebytes and took the business to well over $20 million in worth. Malwarebytes has since grown to more than 500 employees and features a suite of software that’s used on the front lines to protect computers from attacks every day.

Portrait of Roger Cobb, Vice President of Worldwide Channel Sales at Malwarebytes

Roger Cobb, Vice President of Worldwide Channel Sales at Malwarebytes, told us companies of all sizes can become targets for breaches.

“Marcin wrote the original program, Malwarebytes Anti-Malware, to clean up his mother’s computer,” said Roger Cobb, Vice President of Worldwide Channel Sales at Malwarebytes. “We are installed on more than 600 million computers worldwide per year to remove malware.”

Malwarebytes sponsored research with Osterman Research in August of 2016 and discovered that of the 540 companies surveyed in the U.S., U.K., Canada, and Germany, almost 40 percent had experienced an incidence of ransomware. For the uninitiated, ransomware is essentially malicious software introduced into an environment that holds system information hostage and demands a sum of money in exchange for releasing the data. Out of those reported attacks, 34 percent of the businesses lost revenue. The same study revealed that 96 percent of U.S. companies aren’t confident in their ability to block an attack.

“Companies of any size — and this includes consumers — no one is exempt from being attacked and having personally identifiable information — passwords, credit card numbers, bank accounts — stolen at this point,” Roger said. “Everybody has become a target.”

Much of Malwarebytes’ success has come from maintaining a singular focus on endpoint protection. More than 60 million home users benefit from its Malwarebytes Anti-Malware software, but the company goes a step further to protect businesses of all sizes with Malwarebytes Endpoint Security. It’s a system that takes a layered approach to block ransomware and malware, helping companies keep their data private.

PCI Compliance Ensures Acceptance & Protection of Credit Card Info

For businesses to accept credit card payments, they must meet the requirements of the Payment Card Industry. According to Statista, 47% of online purchases in 2016 were paid with credit cards. So if an e-commerce company suddenly lost its PCI certification, it could almost immediately lose half of its sales.

One of the conditions of PCI certification is maintaining a vulnerability management program, which involves using and regularly updating anti-virus and anti-malware programs.

Retail customers who keep Malwarebytes updated and running on their systems receive the peace of mind that comes with knowing they have sophisticated software that allows them to accept credit card payments and takes a proactive approach to avoiding threats.

“PCI compliance allows these retailers, whether they’re online or brick and mortar, to all take Visa, MasterCard, and Discover,” Roger said. “It’s obviously the biggest revenue stream for them, and if they weren’t able to process credit card transactions, that becomes a huge problem for them.”

With Breaches on the Rise, Reputations & Client Data are at Stake

Once hackers get into a system, it doesn’t take long for them to do serious damage.

“The Verizon Breach Report states that malware is generally discovered over 200 days after it’s been in an environment,” Roger said. “Unfortunately, it takes about 120 seconds for the person who’s implanting this exploit into the environment. It takes them literally two minutes to scrape the database and get all the personally identifiable information, credit card numbers, Social Security numbers, healthcare records.”

There’s a huge gap between malware and ransomware being implanted and it being detected. Businesses’ reputations and customer data are at stake, and the goal of Malwarebytes is helping companies beat that two minutes to breach.

Portrait of Adam Kujawa, Director of Malware Intelligence at Malwarebytes

Adam Kujawa, Director of Malware Intelligence at Malwarebytes, said a proactive approach to preventing ransomware attacks is now necessary.

“Business owners have to realize that we’re not in the past where reactionary protection is an option. It’s not anymore,” said Adam Kujawa, Director of Malware Intelligence at Malwarebytes. “If all of your customer information or product data or financial information is stolen by ransomware, especially if you’re a medical organization where you can get hit by heavy fines by the government for HIPAA violations, you can’t let that data get compromised.”

The paradigm is shifting, and businesses are no longer content to sit back and wait to be attacked. A proactive approach is becoming increasingly popular, and Malwarebytes Endpoint Security is software that snuffs out malware before it is an issue.

“If a specific threat is seen in an environment, you can load that threat into Malwarebytes, and, with a sniper rifle, search your entire environment looking for that threat, and proactively hunt for malware exploits and ransomware,” Roger said.

Screenshot of Malwarebytes Management Console

The detection of malicious attacks through Malwarebytes’ highly visual dashboards is the first step in stopping a threat.

As one of the most reputable companies in the world when it comes to removing malware, Malwarebytes often ends up in head-to-head competition with other software. After all, it’s only natural that a business would want to know it was getting the best malware protection possible.

“When these retailers bake off and look at these products, the ones that do their due diligence and throw the latest and most dangerous threats at these systems find that we block them at an astronomically higher rate, and that’s because it’s all our company does,” Roger said. “We don’t focus on 20 different products.”

Malwarebytes Continues to Innovate with a Cloud-Based Console

Already an industry giant thanks to its ability to keep malware and ransomware from compromising company data, Malwarebytes continues to find new ways of improving upon its core products with a recent focus on better serving enterprise-grade companies.

Malwarebytes 3.0 was developed to give users a single platform that combines Malwarebytes Anti-Malware, Anti-Exploit, Anti-Ransomware and scans computers at a vastly increased speed. An enterprise-grade release is on tap for 2017, and more security measures for big business will be included in the product.

Another innovation Malwarebytes is working on is a cloud-based security console. Enterprise-level businesses often have a wide global reach with endpoints all over the world, and a cloud-based platform makes it easy for every employee to have access to security features.

“I want knowledge of cybercrime protection basics to be just as common for people as knowing to look both ways before they cross the street.” — Adam Kujawa

Many of Malwarebytes’ employees work outside its four offices, and the company knows firsthand about the benefits and challenges of remote workers.

“The development of technology for the sake of being able to do a job doesn’t always take into consideration the security aspect of it, but, as a security company, we kind of have to do that,” Adam said. “It definitely gives us a unique perspective.”

Anti-malware software is essential to businesses of every size, and even smaller companies can benefit from a cloud-based console because they won’t need a management server to deploy Malwarebytes. Instead, merchants can log into a website and receive the protection they need to remain PCI compliant and keep customer data locked down.

“We are a true endpoint protection and response platform for incident response and stopping breaches,” Roger said. “That ends up being a very crucial thing to retailers when they’re making a choice about their software. The most important thing to them is not getting information stolen, meeting compliancy, and not having their brand or their customer information damaged in any way.”