38.2% of the known universe has blogged about the Verizon data breach report and how it has changed their life, and opened their eyes, busted icons and confirmed suspicions. But I looked right at the facts there, but I might as well have been completely blind.
My thoughts are simply:
- What? No scatterplots? Bar charts and pie charts combined with narrative paragraphs that don't describe either are sort of lame. Give us an idea if there are two or three mammoth breaches that are skewing your stats. A little creativity would have helped. Don't just think the data breach. Be the data breach.
- It would have helped to have "data breach" defined. Sometimes, the stats are describing a leak of GLB-style NPI, other times credit card info, other times website defacements. What do you want to bet that the threats and controls for a theft of trade secrets are different than for credit card data from a Bennigan's POS terminal? Is it enlightening to lump this data together? I recall reading many years ago an essay in a scholarly computer science journal on Computer Crime. They included the classic network hacking and phone phreaking in their analysis, as well as people hijacking trucks carrying motherboards. So, if I hit someone over the head with a laptop that stores unencrypted SSNs, is that a data breach?
- I will give the Verizon guys extra bonus points for not using the report as a sales lead generation tool. I'll rant more on that later.
Photo of Gene Clark courtesy of Find-A-Grave. Think Gene Clark, not Eagles.