Over Half of IT Professionals Don’t Know Where Sensitive Data is Stored: Survey

IT professionals are fixated on perimeter security measures such as firewalls, antivirus protection and content filtering, and are ignoring more important security considerations, suggest the findings of a Gemalto-commissioned survey.

The survey polled a little over a thousand IT professionals around the world. It found that 76 percent reported that their companies had increased investments in perimeter security, yet 68 percent said they thought unauthorized users could still gain access to their networks.

Thirty-two percent of the respondents said their organizations don’t encrypt payment data, and 35 percent said they don’t encrypt user data in general. Fifty-five percent said they didn’t know where such data is stored.

The responses paint a dismal portrait of the state of enterprise security at a time when the protection of sensitive data is an increasingly key concern. Just this week, a provider of smart vending machines reported that it had suffered a data breach compromising customer data including biometric credentials.

Meanwhile, the European Union’s General Data Protection Regulation will come into effect next May, with 53 percent of respondents in the Gemalto survey saying that they don’t think their organizations will be compliant in time. That could prove costly for the businesses and, in the event of hack attacks, their customers.

Source: MobileID World

Malaysia: No More Signing for Card Payments


Goodbye signatures, hello personal identification numbers (PIN). It is all systems go for the nationwide transition to PIN and Pay on 1 July 2017.

PINs will be mandatory for all transactions over the counter using credit and debit cards.

Today marks the end of the six-month grace period during which cardholders and merchants were still allowed to use signatures for transactions.

A smooth transition is expected, with most cards and point-of-sale (POS) terminals being replaced and a vast majority of cardholders using their PIN for payment.

Close to 23 million payment cards have been replaced, translating to 100% of credit cards and 98.5% of debit cards as of May.

See the full article here.

How PCI compliance is the first step in achieving the “CIA Triad”

When it comes to PCI DSS compliance, most organizations treat it as a one-off task, something to complete (often only after the acquiring banks ask them to do so) and forget about once compliance has been validated. The problem is that compliance audits only prove best practice at a snapshot in time, and most organizations fail to maintain best practice after they have passed the audit. Most, if not all, organizations that were supposedly PCI DSS compliant were found to no longer be compliant at the moment they were compromised.

See the full article here.