Wednesday, February 21, 2007

Useless Statistics, Part Deux

It's so easy to pick on some of the stuff that comes across Dark Reading. But something being easy never stopped me from doing it, especially if it involves scornful derision. :-)

nCircle published the results of a survey today that indicate that 2/3 of [83] security professionals believe that their data is less secure today than it was 24 months ago. I will forgo the rant about bad data and statistics and instead point out that what nCircle has really done is highlight an issue of perception and definition that exists across infosec today.

What these results really tell me, if anything, is that only one in three infosec pros recognized this trick question for what it is. Your data is no less secure today than it was 2 years ago because your data was in approximately as many places, transmitted and traded just as freely, protected just as poorly, and sought by organized crime and bot herders just as much. Simply because disclosure laws have forced the issue into the media, people perceive things as being worse. But they're not. In other words, relax Chicken Little, it's been raining sky for years now.

No comments: