Retail sector slow in adopting new PCI standards
Posted on 31 October 2013.
Tripwire announced the results of research on risk-based security management in the retail industry, and the news isn't good: the majority of the retail sector is yet to implement to the new PCI standards.

The survey, conducted in April 2013 with the Ponemon Institute, evaluates the attitudes of 1,320 respondents from IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management. One hundred sixty-two retail sector respondents from the U.S. and U.K. participated in the retail portion of the survey.

The most recent version of the Payment Card Industry Data Security Standard (PCI DSS 3.0) will soon require businesses to implement and perform penetration testing. In addition, PCI DSS 3.0 will also clarify different methods of secure authentication and session management so businesses can better protect themselves against man-in-the-middle, man-in-the-browser and other similar cyber attack methods.

However, the study revealed that the retail industry hasnít yet implemented these new security requirements.

Key findings include:
  • Only 41 percent of the retail sector uses penetration testing to identify security risks.
  • Only 34 percent of the retail sector measures the reduction in access and authentication violations to assess risk management efforts.
  • Only 44 percent of the retail sector has fully or partially deployed file integrity monitoring.
  • 62 percent of IT professionals in the retail sector say that negative facts about security risks are filtered before being communicated with senior executives.
For more information about this survey, go here.





Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Dec 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //