Maintaining PCI Compliance a Showstopper for Many Retailers

Initial Findings from Verizon’s 2015 PCI Report Suggest Businesses Still Struggle, Lack of Compliance Linked to Data Breaches

By: Verizon

The initial glance at the data suggests that many companies fall out of compliance once it’s achieved. In fact, fewer than one-third were still fully DSS-compliant less than a year after being validated. Of all the data breaches studied, Verizon’s findings clearly show that not a single company was fully PCI-compliant at the time of the breach. Two key areas where organizations fall out of compliance include regularly testing security systems and processes and maintaining firewalls.

“Today’s cybersecurity landscape is changing,” said Rodolphe Simonetti, director of compliance and governance professional services for Verizon Enterprise Solutions. “As a result, organizations need to change the way they approach security. Businesses need to adopt a model that we call ‘resilience.’”

Simonetti recommends that organizations look holistically at security which means enterprises must:

· Put safeguards in place to prevent attacks
· Accept that a breach can happen
· Be prepared to respond by:
  o Mitigating the impact of a breach
  o Restoring defenses
  o Resuming normal operations as quickly as possible.

2015 PCI Report from Verizon Enterprise Solutions

This year’s report will cover three years of data and include the results from thousands of PCI assessments conducted by Verizon’s team of PCI Qualified Security Assessors for mostly Fortune 500 and large multinational firms in more than 30 countries. The 2015 report will explore the relationship between compliance and being secure and the biggest gaps. Similar to the 2014 report, Verizon will take an in-depth look at each of the 12 PCI requirements, including a first-time look at compliance against the 3.0 standard. The 2015 report will be expanded to include findings regarding how and where companies fall out of compliance once achieved. It also will include a section explaining “how to make compliance easier,” featuring actionable recommendations for enterprises that want to stay PCI compliant.

PCI Report Findings Based on Actual PCI Assessments

Similar to Verizon’s Data Breach Investigations Report (DBIR) series, the PCI Report is based on actual casework and is the only report of its kind in the industry. This report analyzes PCI Data Security assessment data, with a specific focus on the retail, financial services and hospitality industries across North America, Europe and the Asia-Pacific region.

The 2014 PCI Report can be viewed at: www.verizonenterprise.com/