PCI Free Blog

QSA Reports on Trends in Security and Data Breaches

One of the leading providers of PCI compliance solutions and information security has published a report analyzing a sampling of research, merchant feedback and investigations over the last year. The findings of the report are based on over two thousand infiltration tests and over three hundred investigations of data breaches. The tests and investigations were performed by the QSA’s (Qualified Security Assessor’s) internal advanced research and development security team, and they highlighted application security testing, forensics and vulnerability to hacking.

The report showed that the food and beverage (restaurant) industry is the top target for cyber theft for the second year in a row. In addition, the 2011 investigations revealed that more than a third of the compromised accounts were franchise businesses. Researchers suggest that businesses modeled as franchises will be at the highest risk of a data breach in 2012. The report also reveals some surprises regarding the most common passwords used by businesses around the world and the times of day at which opening an email carries the highest risk.

Many in the industry consider this report to be the most comprehensive on cybercrime, data breach trends, developing or new security threats and recommended security best practices. Making sure your business operates in accordance with the PCI DSS (Payment Card Industry Data Security Standard) is your best basic defense against a data breach. If your business accepts credit cards or handles sensitive authentication data from customers, you are required to be PCI compliant. It is your responsibility to protect your customers’ data by following the goals set forth in the PCI DSS version 2.0. If your customers’ personal or financial data is stolen, you are liable for any fraudulent activity perpetrated on the compromised accounts. Only if you are PCI compliant at the time of the breach will you be afforded certain protections as well as, in some cases, tens of thousands of dollars in breach coverage.

Next week we’ll cover some more of the interesting findings of this report. See our home page to find out how your business can obtain its vital PCI compliance at absolutely no cost to you.
