|[July 30, 2014]
Tripwire Retail Survey: PCI Compliance Contributes To False Sense of Security
PORTLAND, Ore. --(Business Wire)--
Inc., a leading provider of advanced threat, security and compliance
solutions, today announced the combined results of a 2014 retail
cybersecurity survey conducted by Dimensional and Atomic Research and
sponsored by Tripwire (News - Alert). The survey evaluated the attitudes of 407 retail
and financial services organizations in the U.S. and the U.K. on a
variety of cybersecurity topics.
Despite industry data to the contrary, Tripwire's retail cybersecurity
survey indicates that organizations that rely on PCI (News - Alert) compliance as the
core of their information security program were twice as confident that
they could detect rogue applications, such as those used to exfiltrate
data. These respondents were also significantly more confident that they
would be able to detect misconfigured or unauthorized network shares,
which was a key attack vector exploited in the Target (News - Alert) data breach.
Industry research indicates that most breaches go undiscovered for
weeks, months or even longer. The 2014
Trustwave Global Security Report reveals that retail is the top
target for cybercriminals, comprising 35 percent of the attacks studied.
The report also states that the number of firms that detected their own
breaches dropped from 37 percent in 2012 to 33 percent in 2013.
"Taken as a whole, these retail cybersecurity survey results indicate
that most payment card processors need to engage in a standard of care
discussion for their security programs," said Dwayne Melançon, chief
technology officer at Tripwire. "While most respondents feel confident
about their security investments, it's not clear whether they are
questioning the basis of that confidence. Instead of investing in the
development of a solid security business proces, they are focused on
basic security steps that, while necessary, do not sufficiently protect
their organization from cyberattacks."
Key survey findings for those who said PCI was "the backbone of their
security program" include:
89 percent said they would be able to detect a breach within three
69 percent were "very confident" that they would be able to detect
64 percent were "very confident" that they would be able to detect
unauthorized network shares.
"It makes sense that PCI compliance improves cybersecurity confidence,"
said Tim Erlin, director of IT security and risk strategy for Tripwire.
"Having a structured program in place that's objectively measured by a
third party is a definite improvement over more loosely defined programs
that are evaluated only by internal personnel. Careful implementation of
foundational security practices is a great way to begin building a
security program. However, many organizations fail to realize that the
goal of PCI compliance is the protection of cardholder data. It does not
protect the rest of your business."
Tripwire's 2014 Retail Security Survey report is available here: http://www.tripwire.com/register/tripwire-2014-retail-security-survey-report
Tripwire is a leading provider of advanced threat, security and
compliance solutions that enable enterprises, service providers and
government agencies to confidently detect, prevent and respond to
cybersecurity threats. Tripwire solutions are
based on high-fidelity asset visibility and deep endpoint intelligence
combined with business-context and enable security automation through
enterprise integration. Tripwire's portfolio of enterprise-class
security solutions includes configuration
and policy management, file
integrity monitoring, vulnerability
management and log
intelligence. Learn more at www.tripwire.com,
get security news, trends and insights at http://www.tripwire.com/state-of-security/
or follow us on Twitter (News - Alert) @TripwireInc.
[ Back To TMCnet.com's Homepage ]