Over the past few weeks (and years), there have been massive data breaches at large companies (TJ Maxx and Heartland) – the latest being Target department stores. An FBI credit card fraud bust indicated that 47 PCI compliant organizations had data breaches. Does this mean that PCI DSS is not effective? Was there something these companies could have done to prevent such breaches? The answer to both questions is – yes!
The moral of the story – compliance is not security. In reality the opposite is true – security is compliance. Companies need to move beyond check-the-box compliance to effective security.
To learn more about how you can move beyond compliance to real security, please contact us.