PCI DSS compliance is just a first step to securing an enterprise.
Recent high-profile data breaches at major retailers demonstrate clearly that while the Payment Card Industry Data Security Standard (PCI DSS) might be a starting point for securing consumers' personally identifiable information, it is no barrier to dedicated attackers. Any company that processes credit and debit card data must take PCI compliance and network security seriously because any company connected to the internet can be breached. IT teams need to assess their network security posture on a regular basis because technologies that once were thought to be secure might actually be vulnerable. While the migration to EMV technology will reduce the number of unauthorized card transactions, it is no panacea, many say.
In fact, many of the experts we spoke to for this new ebook from SC Magazine agree: Companies should assume that a breach has already occurred, and build their defenses based on that assumption.
There are steps to take, and policies and technologies to implement, that can mitigate the consequences of ever-present data breaches.