While I was recently helping a client mitigate a data breach, another team was on the premises ensuring that the organization met the standards for a popular security compliance certificate. This is not the first time that I have encountered certifying bodies signing off on an organization’s compliance even as it was under cyberattack. This ironic situation illustrates the confusing role that the growing number of different compliance certifications plays. On the one hand, these certifications increase security efforts; on the other, they are clearly not a blanket solution, as certified companies are attacked all the time.
Compliance certifications: worth the effort?