There was much anticipation from those within the finance and security industries to learn about the key findings from the Verizon 2020 Payment Security Report. Why? Because it highlights the key trends and insights on data security compliance and data protection from the previous 12 months, providing a good indication of how the industries are moving forward in terms of data security.
Unfortunately, the results made for concerning reading. Perhaps most concerning was the finding that PCI DSS compliance had dropped from last year as only 27.9% of businesses admitted to maintaining full compliance with the payment standard during their interim compliance validation. With this being the third successive year in which compliance has fallen, it's clear that more and more organizations are struggling to meet the 12 fundamental requirements designed to keep sensitive payment data protected. PCI Requirement 12, which tackles matters related to security policies, risk assessment processes, management and documentation, saw the largest drop in full compliance out of all of the stipulations.
While many organizations are adopting digital transformation and migrating to the cloud, most are likely encountering data security and privacy factors that had previously not been considered. It appears maintaining a list of third-party service providers with their compliance statuses was too problematic for some. Not to mention the teething problems that the technology can bring if not fully understood and properly implemented.
Data revolving around payments and finances are the most highly sought-after targets for cybercriminals and the threats to payment card data continue to increase, which can severely impact an organization if a breach occurs. Consumers are more aware than ever before and will no longer stand for their data being mishandled. They have the power now since the formation of data privacy and security regulations like GDPR, CCPA, and industry standards like PCI DSS and HIPPA. Businesses must understand that while security does not automatically mean compliance, the two elements are intrinsically entwined and by having these aligned holds much significance as to whether compliance is met with PCI DSS, etc.
Challenges in the CISO’s Corner
The Verizon 2020 Payment Security Report also gauged the opinions of CISOs and the key challenges they were facing throughout the past 12 months. For many, the prime issue was correlated to complexity and a lack of visibility on risks, assets, organization changes, and legal and compliance requirements. These matters are compounded by the fact that most CISOs felt that the executive leadership or the boardroom were failing to support the CISO, which would greatly hinder any progress in executing a solid data security compliance strategy.
To help in this regard, it is advisable for CISOs to adopt a holistic approach to their security posture to better enable them to deploy a multi-pronged defensive strategy that factors the many security tools required to tackle the varying extremes of modern cyber threats. Furthermore, the organizations that follow more holistic approaches to security are the ones best positioned to remain in compliance with data regulations and standards such as PCI DSS.