OUCH. Verizon said in a report this month that 89% of organizations that achieve annual compliance with the PCI Data Security Standard -fail- to maintain that status after passing the audit. That leaves them exposed to data breach risks and other security threats. We all know that PCI is an acceptable security baseline on which you build your full security posture. But not even having PCI compliance in place year-round is asking for trouble.
Verizon reported on the annual PCI compliance assessments that it performed as a service for well over 500 organizations over the last few years. The numbers are based on actual compliance data gathered from organizations in the financial services, retail, travel and hospitality sectors and some other markets.
Rodolphe Simonetti, managing director, PCI practice for Verizon Enterprise Solutions said: "More than 82% were compliant with only about eight in 10 PCI requirements at the time of their annual assessments and needed an additional three months or so to close the gaps".
Many organizations see PCI compliance as a hurdle they need to clear once a year, and then take their attention off the issue. They treat it as an annual "goal" rather than as part of their continuous risk mitigation.
"It is really a failure to use compliance standards and tools on a day-to-day basis," Simonetti said. Insufficient manpower and budget are known challenges to maintaining ongoing PCI compliance at many companies, but the security issues that remain unresolved can be disastrous.
That is why we released the KnowBe4 Compliance Manager (KCM). This tool allows you to first -become- PCI compliant, and then -remain- compliant by assigning regular, specific compliance tasks to the Directly Responsible Individual (DRI), who then checks the control, reports to KCM that it is done, and then performs the same compliance task again at the next required interval.
KCM allows you to automate your compliance workflow and at all times have a full overview of your compliance status and security posture. We'd like to give you a 15-minute web demo so you can determine if this is a good fit: http://info.knowbe4.com/knowbe4-compliance-manager