In a word, yes. More and more of our information is accessible online. This gives hackers more options and more incentive. Many viruses and other malware are being developed by financially motivated criminals. It is quite common for this malware to be so sophisticated that many organisations will not even know they have been attacked. It is imperative that organisations take online security seriously to avoid becoming victims.
If your organisation doesn’t want its private, sensitive and corporate information made public, then yes. Many organisations don’t realise how valuable their information is. The reality is that businesses store all kinds of valuable information, including client details, business plans/models, financial details, product development, employee details, records, reports, etc. If this information is not adequately protected, the impact of a security incident could be disastrous.
To a point this is true, but you shouldn’t rely on it. The reason the Information Security industry exists is that technology is not naturally secure. When a product is developed and released, people start trying to exploit it, and in many cases they are successful. Until developers start taking a very serious approach to security, users will have to employ aftermarket security techniques.
The short answer is no. Security is a process, not a destination. The threat landscape continuously evolves, so controls and mitigation methods must evolve with it. There is also the question of balance. Organisations need to find an acceptable balance between security and availability. A system that is completely locked down may be safe but may impede the business if people can’t access the required information.
Information Security systems vary greatly depending on the size and type of your organisation. At a fundamental level, your first step should be to identify and protect your most valuable information assets. Securing this information may not be the easiest job in creating a security system, but it is the most important.
There are big risks for non-compliance. The financial consequences of non-compliance are kept confidential between merchants and their acquiring banks. Sanctions placed on non-compliant organisations may include higher transaction fees, one-off fines, monthly fines or even termination of the ability to process payment cards. In the event of a breach, organisations also face the potential loss of reputation, loss of customers and litigation.