Portland, OR (PRWEB) June 09, 2014
Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced the results of a survey conducted by Atomic Research and sponsored by Tripwire. The survey evaluated the responses of 102 financial services organisations and 151 retail organisations in the U.K., all of which process card payments.
The survey results indicate that the confidence financial organisations place in their security controls is only marginally better than the confidence retailers place in their controls.
Key findings from the survey include:
“The survey responses indicate that a surprising number of organisations are building their security programs based primarily on PCI,” said Dwayne Melancon, chief technology officer for Tripwire. “My concern is that PCI is a very prescriptive, checklist-oriented approach that is less effective if it is not coupled with a holistic risk-based security program. If these organisations stop at mere PCI compliance, they may be lured into a false sense of security.”
Melancon continued: “The majority of the organisations who responded said they could detect a breach of critical systems within one to three days. This is inconsistent with historical data that says most breaches go undiscovered for weeks, months or even longer. This survey data suggests that most organisations have a rose-colored view of their own capabilities when it comes to breach detection and response.”
Other findings reveal:
“It is not surprising that the financial services industry has more nascent attention and fewer detected breaches because it’s more regulated,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “In many cases, regulations and their enforcement drive not only security but general situational awareness that contributes to more effective risk mitigation.”
More information on this study is available at: http://www.tripwire.com/company/research/uk-retail-and-financial-survey-part-2/.
Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at http://www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.