You passed your PCI DSS compliance audit, so your organization must be safe from cyber attacks…right? Wrong. Your Attestation of Compliance matters, but it is by no means a guarantee that you are secure from attackers or immune to the consequences of a data breach.
Just take a look at Target. The retailer was assessed as PCI DSS compliant in September 2013, only to suffer a massive data breach less than three months later. The Target breach is a harsh reminder that the threat landscape is constantly evolving and that a compliance assessment is a snapshot of a moment in time; businesses cannot rely on a single compliance framework to keep their defenses current.
In this post, we’ll offer some much-needed tough love: we detail the differences between being compliant and being secure, and recommend how you can strive to be both.
The Difference Between Compliance and Security
Many people assume that compliance is synonymous with security, but understanding the difference is the first step toward ensuring your organization is protected.
Compliance means demonstrating, at the time of an assessment, that a defined set of requirements is met; security means continuously reducing the risk of loss, including from threats the requirements never anticipated. Here’s one way to think about it: you get a driver’s license in order to operate a vehicle, but holding a license doesn’t guarantee your safety on the road. To be safe, you also need to drive defensively and be prepared for outside threats like bad weather or reckless drivers. PCI DSS compliance works the same way. Your acquiring bank may permit you to accept customers’ credit card payments, but compliance doesn’t guarantee that cardholder data is secure.
A Baseline, Not the Be-All and End-All
In the introduction to the latest version of PCI DSS, the PCI Security Standards Council describes the standard as a “baseline of technical and operational requirements designed to protect account data.” The keyword there? Baseline. These requirements are a common minimum for every business that stores, processes, or transmits cardholder data. They should not be considered the be-all and end-all.
In addition to being PCI DSS compliant, savvy business owners should practice defense in depth, layering security controls so that a failure in one does not expose the whole network. This includes taking proactive steps to protect their organization’s unique infrastructure, processes, and critical data assets, and monitoring those controls continuously rather than only in the run-up to the next assessment, because controls that passed an audit drift and decay over time.
Compliance is just one piece of the cyber security pie. Here at Soliton, we want to help you cover the whole thing. Our solutions help you visualize endpoint vulnerabilities and remediate threats that bypass the traditional blocking and prevention controls PCI DSS requires. That way, you can stay compliant AND secure. Contact us today.