Wednesday, February 25, 2015

A Trend Toward Detection

People are asking why there are so many data breaches now, but the question holds a hidden assumption. In truth, we don’t have good systematic knowledge of the data breaches that occur, so we can’t really say how many there were in the past or are now. With most of the events undetectable, it is impossible to say anything with any statistical confidence about what the trend is.

It is worth considering, though, that one reason data breaches are reported is that business are able to detect them. There is more technology and more skill when it comes to monitoring computer networks than there was in years past. Of course, that didn’t help Target a year ago when it detected intruding software in its retail network and ignored the finding. However, there is also more skill in detecting patterns in transactions and other events, and that capacity came to Target’s rescue two weeks later. We can even say with confidence that there are criminal groups trying to cover their tracks by keeping their exploits on a scale too small to be noticed. This tendency to keep things small is itself a pattern and any such pattern stands a small but significant chance of detection no matter how small and pseudorandom a criminal enterprise makes its activities.

In theory, the growing risk of detection would eventually deter criminals. In practice, there will always be criminals who are not rational enough to accurately measure the risks they are taking. On the other side of the data breach, the same quality can be found in businesses, which rarely consider the risk of data loss with the seriousness it deserves until after a loss has occurred. Put the two together, and it is easy to say that there will continue to be data breaches, and they will continue to be detected.