More Firms Meeting PCI DSS, but Only Temporarily
-
PCI DSS Compliance Trends
Over the past three years, overall average compliance grew from 53% to 94%, an increase of 77%. Over the same period, full compliance increased from less than 8% to 20%, a 167% change. -
PCI DSS Compliance Improves Somewhat in 2014
The number of organizations that achieved full compliance grew from 11% in 2013 to 20% in 2014, reducing the number that were non-compliant from 89% to 80%. -
State of PCI DSS Compliance
More than 90% of all controls, subcontrols, and testing procedures were passed by 80% of companies, a significant increase from last year. Only 25% were passed by all companies assessed, and the highest any control scored in 2013 was 98%. -
The Nature of PCI DSS Compliance
On average, compliance with 11 of 12 PCI DSS requirements increased 18 percentage points. The biggest increase was in authenticating access. The only area where compliance fell was testing security systems. -
Reduction in Scope
A full 87% reported making some effort to take data out of scope for PCI DSS compliance using a variety of methods. Another 62% reported moving affected data beyond their control by relying on third-party providers. A full 96% are also using firewalls and routers to control access to data. -
Spear-Phishing the Password
Four out of five breaches stemmed from authentication-based tactics, where attackers attempted to guess, crack or reuse valid credentials. -
Unencrypted Data Is Primary Target
Attackers often focus on compromising stored data. Almost half (48%) of compromises related to payment card data breaches involved data that was unencrypted. -
Use of Anti-malware Software
This is the only control category that witnessed a drop in compliance, from 96% to 92% in 2014. -
Managing the Insider Threat
A full 96% of companies were compliant in limiting data access to just those individuals whose job requires such access. -
The Ultimate Fail
Of all the data breaches investigated by Verizon in the last 10 years, not a single company has been found to be fully compliant at the time of the breach.
What Partners Need to Know About HP, Inc. 
MSPs Face Big Cybersecurity Talent Gap 
Why Tech Companies Are Eager to Invest in 5G 
The Problem With Partner Referral Programs 
Microsoft Taps Channel for Digital Business 
New Technologies Will Fuel Channel Opportunities 
Channel's Transition to the Cloud Requires More Time 
Microsoft's Cloud Channel Begins to Mature 
Defining MSPs' Goals, Challenges and Tools 
Why Metrics Matter to the Channel Organizations may not exactly be in love with the Payment Card Industry Data Security Standard (PCI DSS), but they are increasingly complying with it with help from solution providers across the channel. The 2015 PCI Compliance Report from Verizon finds that although more companies than ever are attaining PCI DSS compliance, few of them can maintain it since the overall IT environment remains fairly dynamic. "Compliance at a point in time isn't sufficient to protect valuable data and their reputations; organizations must make being proficient at maintaining security controls in a dynamic environment a strategic imperative," the reports explained. "Being able to say that you were compliant three months ago will be of little solace when dealing with the aftermath of a breach." Most of the data being stolen is accessed with credentials that have either been stolen or are easily cracked. Also, much of the stolen data is unencrypted, showing that companies still have work to do to move toward compliance.