So last night, I'm sitting on the couch playing a nice game of "Scarface" on the Playstation 2 (all of you XBox freaks can keep your comments to yourself), and thought, "you know, we're almost at 700 recorded data loss events, so maybe I should send out an email or a post to the Data Loss Mail List about this highly significant event." Then it happened...
BLAM. BLAM. BLAM. BLAM.
Like Cancer Omega opening up gunfire on a group of innocent Windows users, all of a sudden I see the Data Loss Database (Open Source) (aka DLDOS) jump up to... 704. Thanks in part to the dedication of d2d (new attrition member), we're seeing dataloss events being added left and right. So why are 700 events (and the sudden increase over that number) concerning? It isn't. In fact, it's dreadfully *unconcerning*.
Why unconcerning? Because, even now, after almost two years of tracking breaches, we've come to realize that breaches *will* happen. It's a fact. Adam Shostack of Emergent Chaos has postulated that breaches are actually good in a way because they increase awareness and better responses to breaches. So why are we still tracking breaches of personally identifying information? To continue to increase public awareness? For educational value? To give us something to do?
Yes... yes... and definitely not.
Copyright 2011 attrition.org