Friday, March 30, 2007

The Hits Just Keep on Coming...

The data on the TJX breach keeps trickling out and this breach of 45.7M records is now the new poster child for a Big Breach. Some things that I find interesting:

- It continues to point to an inside job

- They made arrests, but it's the equivalent of arresting the people who bought a pair of stolen shoes from an employee out of their trunk in the back of a Marshalls

- TJX seems to follow the paradigm of the US Drug Policy by going after the small fry, or at least that is the conclusion I draw based on the information released

- At 47.5M records multiplied by $182/record, the costs stand (ballpark) at $4.3B, a full ONE THIRD of their Market Capitalization!!!! Put that in your spreadsheet and crunch it...

- I still want to know what the impact is on their financials, whether, because of Sarbanes-Oxley, someone may be held accountable, and how Identity Theft will factor into SOX at the end of this

I will continue to harp on the importance of Machine Identity as long as the inside jobs continue to happen. If you can reduce the access not only by user but by machine, why wouldn't you do that? It is one of the easiest and most cost-effective threat vector reductions an organization can deploy.

Is it perfect? No, but damn it, it's the equivalent of having the DNA of the suspect(s) at the crime scene.


