Tuesday, February 05, 2008

Nobody Is That Dumb ... Oh, Wait IX

Yes, my "Nobody Is That Dumb ... Oh, Wait" series comes back - with a vengeance! I really should have launched "the dumbest prediction of the year" contest, but I didn't :-) Still, we have a wiiiiiiiiiiinner: "TJX’s Security Breaches Will Force it to Go out of Business or to Merge with Another Company" Huh? Then it gets better: "Furthermore, the negative impact upon TJX’s public image is difficult to assess, but it is not difficult to imagine that it has been large."

Ummm, no! I think people rightly don't care and will continue to shop at TJX. In the event of card abuse, one 10 minute call to your CC issuer solves the problem; a new card arrives in a few days. Magic! :-)

I bet the opposite will happen: this will prove that you can operate while 0wned and leaking data like a sieve ...

UPDATE: more details on why I think this prediction is truly "dumbistic": "... And yet Wall Street analysts didn't seem to care. [...] In fact, the lack of financial fury by the analyst community was entirely predictable. [...] ... the reason why TJX was able to escape unscathed is simple: TJX's customers didn't care, so why should Wall Street."

4 comments:

Anonymous said...

I agree with you that the financial impact on TJX for their security failings has been and will likely continue to be minor.

As I am spending much of my nights and weekends working on earning another degree, I had spent some time over the fall term researching the impact of security breaches on organizations in an effort to discover what level of emphasis managers should place on security. The conclusion that I arrived at is that the financial incentives seem to lead to limited investment in security.

Given my day job in InfoSec, it was not what I would refer to as a happy conclusion.

Anton Chuvakin said...

>researching the impact of security
>breaches

I am really curious to see the study!

>The conclusion that I arrived at is
>that the financial incentives seem
>to lead to limited investment in
>security.

Yes, that is why we now have compliance to kick ppl in the ass; still, I think more research is needed on the economic impact of security.

Anonymous said...

Dr. Chuvakin,

Here is the paper that I had referred to:

http://www.vedaa.org/papers/Vedaa_management_infosec.pdf

I suspect that you may find one of the papers that I referenced (Belva) to be of interest.

Ken

Anton Chuvakin said...

Thanks - I will check out the paper!

Dr Anton Chuvakin