11 Oct 2010
A lack of compliance with data security standards is leaving companies more vulnerable to data breaches, according to a new survey from Verizon Business.
The research found that companies that fail to meet the Payment Card Industry Data Security Standard (PCI DSS) are far more likely to fall victim to a data breach than compliant companies.
According to the study, organisations that suffer a breach are 50 per cent less likely to be compliant with the PCI standard.
Just 22 per cent of companies are not fully PCI compliant, although many of these had met major elements of the standard. Three quarters of those surveyed are compliant with at least 70 per cent of the standard.
The portions of PCI DSS which companies most struggle to meet are those that leave systems at risk of data breaches. Processes such as testing security systems and monitoring access to network resources are among the most common shortfalls.
Verizon Business recommends that businesses adopt a new set of best practices, such as managing compliance and security together, and view data compliance as an ongoing process rather than a short-term project.
"We hope this report will help organisations approach PCI compliance in a more informed and effective way," said Verizon Business vice president of technology and innovation Peter Tippett.
"Ultimately, we want the same thing as the rest of the industry: fewer payment card losses and data breaches."
The choice for compliance vs productivity
Verizon states that "Monitoring access to network resources" is among the most common processes which companies fail to implement to meet compliance requirements, in meeting the Payment Card Industry Data Security Standard (PCI DSS). But what is not always so clear is that this is not simply a case of companies being misinformed or lazy about their requirements, but that they are caught between a rock and a hard place when it comes to the choice to meet compliance requirements. In both desktop and server environments, the choice to tighten access, to meet compliance requirements, can often seem to come at the cost of productivity. However, the ability to elevate role-based access for privileged users for servers, and user privilege on desktops, exists and remains an essential part of every security strategy.
Posted by: NAKettles 13 Oct 2010