Clinging to TLS 1.0 Puts Sites Outside PCI DSS ComplianceClinging to TLS 1.0 Puts Sites Outside PCI DSS Compliance
More than half of organizations could be out of compliance, new research shows.
August 22, 2018
When an old protocol refuses to die, it can have a major impact on security — and cause an organization to fall out of regulatory compliance. Case in point: New research from Panorays shows more than half of organizations could be out of PCI compliance because they just can't let go of TLS 1.0.
Panorays' review of 1,150 organizations indicated that 52% use TLS 1.0 on all of their websites (a total of 29,000), while another 45% use TLS 1.0 on at least one site. PCI DSS requires organizations to replace TLS 1.0 with TLS 1.1 or 1.2. The older protocol has been shown to be more vulnerable to man-in-the-middle and other attacks than its replacements.
Among the reasons speculated for companies retaining TLS 1.0 on their websites are the need to take care of endpoint users with old browsers and applications that don't support newer versions of TLS, and a lack of awareness of the PCI DSS requirements.
Read more here.
About the Author(s)
You May Also Like
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
Business Buyers Guide to Password Managers