Why all the Breaches when AIS/CISP/PCI has been around since 2001/02!!
September 09, 2014

This is September 2014, and the card brands' attempt at bringing security requirements to the marketplace to prevent fraud is not progressing very well!!
Why? In my opinion, because the AIS/CISP/PCI requirements have been poorly implemented, monitored and enforced. Only a few in the Level 1 category are regularly assessed and monitored, and they still get compromised! After 12 to 13 years of the program being in place, if every single merchant and service provider had been put through it on an annual basis as the program lays out, we would most likely be in a proactive phase of fraud protection rather than the growing reactive phase of...Oh, NO, not again!
Consistent security education and training of every staff member in an organization from the smallest to the largest will get our industry into proactive protection.
The bottom line is not so much all the money that is being put into the hands of criminals but our national security. Cyberterrorism is a threat I would like to protect my children and grandchildren from.
So what can you do? Hire a security professional to do an overall security risk assessment for your organization and see how you stand up. Take the security professional's recommendations and begin to implement the remediation, starting with your highest-level risks and working through until you plug every hole. At the same time, make sure that all your staff are trained on social engineering and how to prevent it.
Ensure that your IT staff are trained and up to date on security best practices and have the resources to keep your systems secured in as close to real time as you can. Hire an outside security professional or team to work with your internal teams to regularly assess systems and help you identify any holes your internal team might miss! The human element is one of the biggest, if not THE biggest, risk factors in a security compromise.
Don't wait for a breach to happen before you get proactive. Put a strategy in place now to establish and maintain security at every level within your organization. Once security becomes part of your culture, it is much easier and less expensive to maintain.