Tuesday, March 13, 2007

Charts 'n Graphs

From Pogo, this article from Physorg on the classic Evil Hacker v. Evil Suit dilemma. From the article:

If Phil Howard’s calculations prove true, by year’s end the 2 billionth personal record – some American’s social-security or credit-card number, academic grades or medical history – will become compromised, and it’s corporate America, not rogue hackers, who are primarily to blame. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million a month in 2007, up some 200,000 a month from last year.

Goodness. This article seems to do more damage than good in increasing awareness of the privacy issue. The key bit of data that seems to be missing is the damage. More from the article:
Malicious intrusions by hackers make up a minority (31 percent) of 550 confirmed incidents between 1980 and 2006; 60 percent were attributable to organizational mismanagement such as missing or stolen hardware; the balance of 9 percent was due to unspecified breaches
So, how many fraudulent charges were made, fake IDs manufactured or reputations horribly disfigured by each category? The author of the study adds:

"And the surprising part is how much of those violations are organizationally prompted – they’re not about lone wolf hackers doing their thing with malicious intent."

So, would you rather Big Nameless Credit Card Company notify you:

A. that your name/credit card/SSN/date of birth were lost at an airport while stored on an encrypted laptop hard drive


B. that Lone Wolf Hacker sniped your digits of their server (running unpatched IIS 2.0 on unpatched Win98)

Of course I can't prove that either scenario is inherently more dangerous for the consumer. I can just shake my angry fist at the data.

No comments: