Monday, June 16, 2008

Visualize World Data Breach

38.2% of the known universe has blogged about the Verizon data breach report and how it has changed their life, and opened their eyes, busted icons and confirmed suspicions. But I looked right at the facts there, but I might as well have been completely blind.

My thoughts are simply:

  • What? No scatterplots? Bar charts and pie charts combined with narrative paragraphs that don't describe either are sort of lame. Give us an idea if there are two or three mammoth breaches that are skewing your stats. A little creativity would have helped. Don't just think the data breach. Be the data breach.
  • It would have helped to have "data breach" defined. Sometimes, the stats are describing a leak of GLB-style NPI, other times credit card info, other times website defacements. What do you want to bet that the threats and controls for a theft of trade secrets is different than for a credit card data from a Bennigan's POS terminal? Is it enlightening to lump this data together? I recall reading many years ago an essay in a scholarly computer science jounal on Computer Crime. They including the classic network hacking and phone phreaking in their analysis, as well as people hijacking trucks carrying motherboards. So, if I hit someone over the head with a laptop that stores unencrypted SSNs, is that a data breach?
  • I will give the Verizon guys extra bonus points for not using the report as a sales lead generation tool. I'll rant more on that later.

Photo of Gene Clark courtesy of Find-A-Grave. Think Gene Clark, not Eagles.

1 comment:

Alex said...

"What? No scatterplots?"

Is a perfect point and where I would offer that Verizon is using this *less* as a sales tool as they could (which I still give them kudos).

But that's kind of damning with faint praise - it's still a sales tool, and (in my opin.) only a marketing piece would pretend to be so "certain" about the data its sources and the interpretations. Some of the statistical analysis drawn out of it simply isn't phrased correctly.

That said, I really do offer praise for Verizon for taking the time and effort to develop this. It takes some corporate balls to pull this off. I really hope they take the feedback given into account and continue to release information like this in the future.