Admittedly I am feeling a bit jaded as of late, but these are my 5 Reasons the Target Breach doesn't really matter:
1. If they ever cared at all, consumers will forget about the breach on the outside of 3 weeks, likely more like 3 days
2. Many Fortune XXX Companies quite possibly have significantly *worse* security than Target <This is based on zero knowledge of Target's specific security practices>. How many are required to report breaches? What if the breaches are not PHI or PCI related? Can they detect PII breaches? How many *really* can detect the breaches whether they are regulated or not? We see the credit card breaches because the credit card companies have fraud detection that identifies a Common Point of Purchase. Does that level of fraud detection occur related to SSN, etc. at the insurance companies? State / Federal tax returns? Say what you will about PCI but the card brands have a way of detecting and identifying breaches at merchants like no other organization does.
3. There are many, many, many more companies where consumers purchase items that are significantly more vulnerable than a company like Target; these breaches happen every day. Can we please add up the SMB market breaches and compare them to Target? Maybe not 40 Million, but still significant and not receiving any attention in a cumulative manner.
4. Can I repeat #1 two more times? Consumers do not adjust their purchasing based on breaches. Period. They see, hear, and are interested for a solid two days but it does not affect their purchasing. Same holds true for Enterprises: how many companies have stopped doing business with RSA following their breach?
Update: 20140307
Well, it appears maybe I was wrong on the above. I hope so. Target reported their earnings and the breach did affect their overall bottom line, so, good, right?