|By PR Newswire||
|February 11, 2014 03:02 AM EST||
NEW YORK, Feb. 11, 2014 /PRNewswire/ -- A new Verizon report has found that too many businesses, following their annual assessment for meeting the Payment Card Industry Data Security Standard, fail to maintain ongoing compliance -- putting the businesses at an increased risk for data breaches, and financial and reputational damages.
The "Verizon 2014 PCI Compliance Report" affirms that payment card transactions remain a prime target for attackers, and the rate at which data breaches are occurring appears to be increasing. It is estimated by The Nilson Report that global credit cards fraud exceeded $11 billion in 2012 alone.
According to the report, in most cases, payment card data breaches are not a failure of security technology or of compliance with the Payment Card Industry Data Security Standard, but rather a failure to implement appropriate compliance and security measures as intended.
"We continue to see many organizations viewing PCI compliance as a single annual event, unaware that compliance needs to have a 365 day-a-year focus," stated Rodolphe Simonetti, managing director, PCI practice, Verizon Enterprise Solutions.
(NOTE: Video, charts, infographics, full report and cover art are available for download at http://www.verizonenterprise.com/news/2014/02/PCI-Report-2014-Media-Resources.)
However, there is a bright spot in the report: Organizations' initial compliance with the PCI standard has shown some improvement. In 2013, more than 82 percent of organizations were compliant with at least 80 percent of the PCI standard at the time of their annual baseline assessment, compared with just 32 percent in 2012.
There were also regional differences due to breach notification laws, varying legal requirements and levels of adoption. The Asia-Pacific region took the top spot (75 percent), followed by the U.S. with 56 percent and Europe with 31 percent in meeting at least 80 percent of the PCI requirements.
Areas where businesses struggle the most in achieving initial compliance include: security testing (23.8 percent); security monitoring and the ability to effectively detect and respond to data compromised (17 percent); and protecting stored sensitive data (55.6 percent).
"Anything less than 100 percent compliance is an issue for businesses today," said Simonetti. "We have seen time and time again that noncompliance leaves an organization open to credit card theft, which can potentially cost hundreds of millions of dollars when you factor in all the damages, not to mention lost consumer trust and the impact on brand reputation. Organizations need to rethink how they factor in maintaining a PCI-compliant environment, whether it's devoting more resources or working with a managed security services provider."
Report Takes In-Depth Look at Each of 12 PCI Requirements
In addition the report examines in detail how well organizations comply with each of the 12 specific PCI requirements; provides recommendations that organizations can implement to help them earn and maintain compliance; and explains how noncompliance with each requirement can lead to a data breach.
Simonetti points out that "compliance activities should be planned; integrated with largest organizational wide governance, security and compliance initiatives; and automated as much as possible to help ensure compliance is sustainable and cost effective."
PCI Report Findings Based on Actual PCI Assessments
The report is based on findings from hundreds of PCI DSS assessments conducted by Verizon's team of PCI Qualified Security Assessors, from 2011 through 2013. Like Verizon's Data Breach Investigations Report (DBIR) series, the PCI Compliance Report is based on actual casework and is believed to be the only report of its kind in the industry. This report analyzes PCI Data Security assessment data, with a specific focus on the retail, financial services and hospitality industries across North America, Europe and the Asia-Pacific region.
Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers. Verizon Wireless operates America's most reliable wireless network, with nearly 103 million retail connections nationwide. Verizon also provides converged communications, information and entertainment services over America's most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries. A Dow 30 company with more than $120 billion in 2013 revenues, Verizon employs a diverse workforce of 176,800. For more information, visit www.verizon.com.
VERIZON'S ONLINE NEWS CENTER: Verizon news releases, executive speeches and biographies, media contacts and other information are available at Verizon's online News Center at newscenter.verizon.com. The news releases are available through an RSS feed. To subscribe, visit newscenter.verizon.com/corporate/feeds.
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
Oct. 28, 2016 08:00 PM EDT Reads: 2,006
SYS-CON Events announced today that Enzu will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their online busine...
Oct. 28, 2016 07:30 PM EDT Reads: 1,493
In his session at 19th Cloud Expo, Nick Son, Vice President of Cyber Risk & Public Sector at Coalfire, will discuss the latest information on the FedRAMP Program. Topics will cover: FedRAMP Readiness Assessment Report (RAR). This new process is designed to streamline and accelerate the FedRAMP process from the traditional timeline by initially focusing on technical capability instead of documentation preparedness. FedRAMP for High-impact level systems. Early in 2016 FedRAMP officially publishe...
Oct. 28, 2016 07:15 PM EDT Reads: 680
WebRTC sits at the intersection between VoIP and the Web. As such, it poses some interesting challenges for those developing services on top of it, but also for those who need to test and monitor these services. In his session at WebRTC Summit, Tsahi Levent-Levi, co-founder of testRTC, reviewed the various challenges posed by WebRTC when it comes to testing and monitoring and on ways to overcome them.
Oct. 28, 2016 07:00 PM EDT Reads: 4,246
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Oct. 28, 2016 07:00 PM EDT Reads: 420
Join IBM November 2 at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how to go beyond multi-speed it to bring agility to traditional enterprise applications. Technology innovation is the driving force behind modern business and enterprises must respond by increasing the speed and efficiency of software delivery. The challenge is that existing enterprise applications are expensive to develop and difficult to modernize. This often results in what Gartner calls...
Oct. 28, 2016 07:00 PM EDT Reads: 405
Qosmos, the market leader for IP traffic classification and network intelligence technology, has announced that it will launch the Launch L7 Viewer at CloudExpo | @ThingsExpo Silicon Valley, being held November 1 – 3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The L7 Viewer is a traffic analysis tool that provides complete visibility of all network traffic that crosses a virtualized infrastructure, up to Layer 7. It facilitates and accelerates common IT tasks such as VM migra...
Oct. 28, 2016 06:30 PM EDT Reads: 665
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, will discuss the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They will also review two "free infrastruct...
Oct. 28, 2016 06:30 PM EDT Reads: 385
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
Oct. 28, 2016 06:15 PM EDT Reads: 2,942
Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. In the eyes of many, containers are at the brink of becoming a pervasive technology in enterprise IT to accelerate application delivery. In this presentation, you'll learn about the: The transformation of IT to a DevOps, microservices, and container-based architecture What are containers and how DevOps practices can operate in a container-based environment A demonstration of how Docke...
Oct. 28, 2016 05:45 PM EDT Reads: 1,733
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
Oct. 28, 2016 05:30 PM EDT Reads: 328
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, will deep dive into best practices that will ensure a successful smart city journey.
Oct. 28, 2016 05:30 PM EDT Reads: 3,335
President Obama recently announced the launch of a new national awareness campaign to "encourage more Americans to move beyond passwords – adding an extra layer of security like a fingerprint or codes sent to your cellphone." The shift from single passwords to multi-factor authentication couldn’t be timelier or more strategic. This session will focus on why passwords alone are no longer effective, and why the time to act is now. In his session at 19th Cloud Expo, Chris Webber, security strateg...
Oct. 28, 2016 04:45 PM EDT Reads: 338
November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Penta Security is a leading vendor for data security solutions, including its encryption solution, D’Amo. By using FPE technology, D’Amo allows for the implementation of encryption technology to sensitive data fields without modification to schema in the database environment. With businesses having their data become increasingly more complicated in their mission-critical applications (such as ERP, CRM, HRM), continued ...
Oct. 28, 2016 04:30 PM EDT Reads: 1,231
In the 21st century, security on the Internet has become one of the most important issues. We hear more and more about cyber-attacks on the websites of large corporations, banks and even small businesses. When online we’re concerned not only for our own safety but also our privacy. We have to know that hackers usually start their preparation by investigating the private information of admins – the habits, interests, visited websites and so on. On the other hand, our own security is in danger bec...
Oct. 28, 2016 04:30 PM EDT Reads: 787