Seven real-world IT compliance nightmares, spotted by Verizon
An annual report from Verizon found that while businesses are getting better at meeting payment compliance standards, almost half failed their interim assessment in 2016 – and the company warns that this is directly linked to organisations being open to cyber attacks.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that organisations handling branded payment cards must adhere to, with a validation assessment taking place once a year.
Verizon is qualified to carry out PCI assessments, and of the organisations it assessed during the interim period in 2016, 44.6 percent failed. That's better than 2015, when 51.6 percent of interim assessments failed, but clearly there's still some way to go.
IT services firms fared best, with 61.3 percent passing full compliance, followed by 59.1 percent of financial services companies, 50 percent of retail outfits and 42.9 percent of hospitality organisations.
Compliance covers the whole range of security requirements in an organisation, from technology to process, personnel and culture. Naturally, if there is even the smallest gap somewhere, a business can't be considered fully compliant with the standard.
Verizon's head of continental Europe advisory services for the Payment Card Industry (PCI), Gabriel Leperlier, was on hand at a press briefing in London last week, where he talked through some of the worst-case scenarios the business uncovered when investigating payment card data breaches, from hidden routers through to secret modems hidden in air force printers.