Correlation Shown Between Data Breaches & PCI Non-Compliance
On March 22, 2012 Verizon released its annual Data Breach Investigations Report. The report draws on breaches investigated by Verizon and the United States Secret Service, together with law enforcement agencies in the United Kingdom, Australia, Ireland and the Netherlands. It covers the year 2011 and includes breaches of classified data, intellectual property and personal data as well as payment card data. Verizon's RISK team found that 174 million records were compromised in 855 data breaches. Sadly, this is the highest number of breaches the report has ever covered.
So why is this happening? According to the report, “Nearly 96 percent of victims required to comply with PCI-DSS guidelines were not compliant at the time of the breach.” That is a strong correlation, not proof of causation: a victim's compliance status is usually assessed after the breach, and the controls PCI DSS requires (network segmentation, patching, access control, logging and monitoring) are exactly the ones whose absence makes a breach both more likely and slower to detect. Either way, knowing how closely data breaches and PCI non-compliance go together, many business owners who are not compliant are now making it a priority.
An interesting aspect of the report is that hacktivists were responsible for the majority of the stolen data. They are not doing it to steal identities or to sell personal data; their goal is publicity. Regardless of who takes the information, though, it is still cause for concern.
Hacktivists may have stolen the most records, but the majority of the breaches themselves (a whopping 83%) were committed by cyber-criminals, whose goal is to steal identities and make money off innocent people. Hacktivists also mostly target larger companies, simply to show that they can, while cyber-criminals target smaller businesses, and a small business will have a much harder time recovering from a breach like this.