Market Sectors

block 10

<p>1</p>

PCI compliance contributes to false sense of security, survey says

Portland, OR-based Tripwire, a provider of advanced threat, security and compliance solutions, has announced the combined results of a 2014 retail cybersecurity survey conducted by Dimensional and Atomic Research and sponsored by Tripwire. The survey evaluated the attitudes of 407 retail and financial services organizations in the U.S. and the U.K. on a variety of cybersecurity topics.

Despite industry data to the contrary, Tripwire’s retail cybersecurity survey indicates that organizations that rely on PCI compliance as the core of their information security program were twice as confident that they could detect rogue applications. These respondents were also significantly more confident that they would be able to detect misconfigured or unauthorized network shares, which was a key attack vector exploited in the Target data breach.

Industry research indicates that most breaches go undiscovered for weeks, months or even longer. The 2014 Trustwave Global Security Report reveals that retail is the top target for cybercriminals, comprising 35 percent of the attacks studied. The report also states that the number of firms that detected their own breaches dropped from 37 percent in 2012 to 33 percent in 2013.

“Taken as a whole, these retail cybersecurity survey results indicate that most payment card processors need to engage in a standard of care discussion for their security programs,” said Dwayne Melançon, chief technology officer at Tripwire. “While most respondents feel confident about their security investments, it’s not clear whether they are questioning the basis of that confidence. Instead of investing in the development of a solid security business process, they are focused on basic security steps that, while necessary, do not sufficiently protect their organization from cyberattacks.”

Key survey findings for those who said PCI was “the backbone of their security program” include 89 percent said they would be able to detect a breach within three days, 69 percent were “very confident” that they would be able to detect rogue applications, and 64 percent were “very confident” that they would be able to detect unauthorized network shares.

Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration.

 

 

Recent Videos

IntraLogic's official release of the "One Button" Lockdown system on CBS 2 News.
HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...