The latest version of the Payment Card Industry (PCI) Data Security Standard will soon require businesses to implement and perform penetration testing, but only 41 percent of retail sector enterprises currently use penetration testing to identify security risks.
The new standard will also clarify different methods of secure authentication and session management so businesses can better protect themselves against man-in-the-middle, man-in-the-browser and other similar cyber attack methods, Dark Reading reports.
According to an April 2013 survey from Tripwire, Inc. and the Ponemon Institute, only 34 percent of the retail sector measures the reduction in access and authentication violations to assess risk management efforts. Only 44 percent of the retail sector has fully or partially deployed file integrity monitoring.
The report also found that 62 percent of IT professionals in the retail sector say that negative facts about security risks are filtered before being communicated to senior executives.