Experts Comment on Verizon PCI Compliance Report

Richard Blech, CEO of Secure Channels (www.securechannels.com):

The dichotomy of the term ‘Best Practices’ – by definition, ‘Best Practices’ does not mean using the broken standard. The status quo has cybersecurity as an afterthought, cleaning up the mess after the breach. Governance initiatives for many enterprises conjure up a reactive, lackluster, and unimaginative state of affairs. PCI-DSS, including other compliance efforts, is dealt with minimal motivation and a ‘getting it over with’ attitude.

The substantial finding from Verizon is to be expected, as the first step in adopting compliance is a call to action for the people supporting these enterprises. Recent impact to revenue, reputation, and resources for many high-profile organizations has motivated technology leaders to emphasize governance. It is time for the leaders of the technology cyber industry to step up; after all, isn’t solving problems the very definition of technology?

The reality is that hackers are nimble and unregulated while the regulating bodies are slow and extremely regulated. What is left? TECHNOLOGY. The solution needs to be defined, designed, developed and deployed. There’s an absolute and unequivocal relationship.

PCI-DSS calls out Best Practice techniques in protecting critical information, with a wide array of controls for front-end, middle-tier, and back-end platforms. While the PCI framework is not the cure for all breaches, it was created as a launch pad to first set up an intermediate technical roadmap; second, to create and energize a forum aligning customers, businesses, and technology; and third, to promote checks and balances for each responsible party, fair to their level of activity.