This week, the European director of the PCI Security Standards Council, Jeremy King, warned that despite fraud losses falling last year, organisations still need to do more to make security part of their day-to-day operations. He also highlighted that many organisations are failing to adhere to the PCI Data Security Standard (DSS) – resulting in £1 million in card fraud losses per day in 2010 – and advised that compliance is not just about preventing intrusions, but also about ensuring systems are in place to alert organisations to any misuse of data.
Ross Brewer, vice president and managing director for international markets, LogRhythm, cautions that while organisations are beginning to realise the importance of Protective Monitoring, many do not fully understand the scope of what it entails.
“Jeremy King is right to highlight that we cannot rely on a single solution to prevent data breaches; however, many organisations often place too much faith in traditional security methods that try to fence out the threat. The repeated high-profile security incidents currently making the news should have proved to everyone that data breaches are now an inevitability. Today, defending networks depends on traceability – organisations need the ability to connect seemingly unique events so that anomalies can be identified and action taken to minimise damage. As King says, with the right policies in place ‘you may not prevent ten records from going out, but the likelihood of preventing it before it reaches 75 million is definitively increased’.
“When it comes to Protective Monitoring, organisations must not fall into the trap of viewing it as a one-time-only compliance requirement. Indeed, you only have to look at the latest UK Security Breach Investigation Report to see that of all the merchants suffering a cardholder data breach in 2010, none were compliant with PCI DSS requirement number 10, which warns that merchants must regularly monitor access to network resources as a way of proactively spotting unusual or suspicious behaviour.
“To be effective, Protective Monitoring must involve ongoing analysis of all log data. In addition, due to the volume of logs generated by modern IT systems, and the increasingly disparate nature of networks, it is vital that they consist of automated, centralised and fully integrated log management platforms. In the current marketplace of increasingly complex IT and data operations, this approach is the only way to provide the deep insight required to secure the IT estate and guarantee compliance with regulatory obligations like PCI DSS.”