{"id":1390,"date":"2019-12-30T15:18:54","date_gmt":"2019-12-30T15:18:54","guid":{"rendered":"http:\/\/72.52.228.46\/~itegriti\/?p=1390"},"modified":"2021-04-12T05:27:57","modified_gmt":"2021-04-12T05:27:57","slug":"verizon-payment-security-report","status":"publish","type":"post","link":"https:\/\/itegriti.com\/kw022024\/2019\/cybersecurity\/verizon-payment-security-report\/","title":{"rendered":"Verizon\u2019s 2019 Payment Security Report: Stop Being Reactive, Get Proactive"},"content":{"rendered":"

Much like Verizon\u2019s Data Breach Investigations Report (DBIR), the Payment Security Report<\/a> (PSR) is a must-read for security professionals. While it focuses on the PCI DSS standard and reviews compliance related to its 12 requirements, it is much more than a review of how companies are faring regarding PCI compliance.<\/p>\n

The compliance statistics are informative and show some alarming trends about how well companies are protecting payment card data. Those trends should cause any CISO to look closely at how their organization is handling data protection \u2013 and not just for payment cards. Critical data needs protecting regardless of how it is used. The PCI standard is broadly applicable, and the controls are just as effective for PHI, PII, and other sensitive data.<\/p>\n<\/div>

Key Findings<\/strong><\/h2><\/div>

\"\"<\/p>\n

When the PCI SSC published the PCI DSS in 2004, it was expected that organizations would achieve effective and sustainable compliance within about five years. 15 years later and less than half of organizations maintain programs that prevent PCI DSS security controls from falling out of place within a few months after formal compliance validation.<\/p>\n

Data protection and compliance present daily challenges. Security professionals must assure that controls remain in place and perform consistently. Despite good intentions, more than half of organizations are still struggling to design, implement and maintain a sustainable compliance program.<\/p>\n

One challenge is that many security professionals believe that by following a script in the correct order will result in effective and sustainable data protection. In the real world, things are messy. Organizations might be spending a lot of time and money creating their Data Protection Compliance Programs (DPCP), but many programs are ineffective and fail to advance beyond a program that looks good on paper. Unfortunately, these DPCPs lack the design, implementation, review process and revisions to become effective and sustainable. Additionally, organizations have inadequate or overly complex strategies, which originate from a lack of proficiency in designing, implementing, monitoring and evaluating a DPCP.<\/p>\n

Payment card assets and data are under constant threat, and defenders are not always keeping up. Organizations need more robust DPCPs and navigational tools to manage the sustainability of their data protection. The findings of the report are alarming:<\/p>\n