Thursday, December 31, 2009

A Stamp Costs $.44

I actually have a point to make today. Expanding upon my post on Twitter (@mock7), I was doing some basic math yesterday and came up with a pretty scary realization.

According to this SC Magazine article, Pennsylvania State University recently stated that they are working to notify approximately 30,000 individuals whose personal information may have been compromised in a recent malware attack.

Forget about mitigation.

In fact, forget about the cost of 30,000 sheets of paper and envelopes. Ink and the wear & tear on printers. Oh...they used a company like FedEx Office? Even more costly.

Forget the salary of the person who has to type up the letter, and the person who has to edit the letter.

Forget the cost of credit monitoring that will probably be offered to those whose information was put at risk by this attack (Equifax 'ID Patrol' is ONLY $14.95/month - $14.95 * 12 months * 30,000 people = $5,382,000).

Nope...forget all that, and consider this: Today, a first class stamp costs $.44, and Pennsylvania State University (aka Penn State) is literally going to spend more money on postage for the 30,000 letters they have to send to individuals - informing them they may be at risk - than they would have spent on a good vulnerability assessment.

FUD (fear, uncertainty, and doubt) tactics, which seem to be a necessary evil in ANY security industry, are becoming more and more obsolete in information security because the numbers are really starting to speak for themselves.