A survey that revealed that almost 30 per cent of IT directors/managers of major retailers in the UK are either unaware - or only partially aware - of the PCI DSS 2.0 security standard's requirements is very worrying, say the organisers of the Infosecurity Europe show. Infosecurity Europe will be held at Earls Court, London 19-21 April 2011 www.infosec.co.uk
According to Claire Sellick, event director with the show, it is also of significant concern that only 36.2 per cent of respondents to the survey knew that PCI DSS 2.0 includes significant changes regarding an organisation’s network architecture and virtualisation.
"What we have from the results of this LogLogic poll is that some of the IT managers with largest retailers in the UK - i.e. those with more than 50 outlets – just don’t `get’ what the PCI DSS 2.0 is all about, or the potential serious repercussions to their business of not being able to pass an audit. . If anyone should know about the issues involved, then it should be them," she said.
"The fact that the majority of them are doing their jobs, apparently blissfully unaware of the security requirements of the PCI Security Standard Council's rules as regards their IT architecture, is of phenomenal concern," she added.
Sellick went on to say that the increasing using of virtualisation in all large organisations, largely because of the economic imperative the technology offers, means that security managers really do need to be on their toes when dealing with the new IT platform.
Only a minority of existing security applications fully port over to a virtual machine environment, so it's critical that IT managers understand the need for a root and branch review of their IT security strategy before they migrate to a virtualised system.
And since the provisions of PCI DSS 2.0 mean that an organisation that cannot demonstrate it is operating within the rules to an auditor from the PCI Security Standards council could find itself unable to accept debit and credit cards, this really is an ultra-critical issue, she explained.
The only piece of good news to come out of this survey, she says, is the fact that around half of major retailers in the UK view PCI DSS as valuable addition to their security arsenal.
"Let's not forget that developing and maintaining an effective IT security strategy is all about knowledge. Only with the knowledge of what your options are can you truly develop a holistic set of security defences," she said.
"Frankly, anyone can source a leading-edge IT security appliance or software-based system, but to deploy it in an effective manner takes a high degree of security intelligence. And since PCI DSS 2.0 is so critical to modern businesses, the results of this survey are a real eye-opener," she added.
"It is to be hoped that IT managers who learn about the results of this survey will move swiftly to counter lack of understanding of PCI DSS rules in their organisation, otherwise when the PCI auditor comes knocking, their business could be in serious trouble."
About Infosecurity Europe
Infosecurity Europe, celebrating 16 years at the heart of the industry in 2011, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of four Infosecurity events around the world with events also running in Belgium, Netherlands and Russia. Infosecurity Europe runs from the 19th – 21st April 2011, in Earls Court, London.