Desktop security does not equal data security

I tend to associate Consumer Reports more with great consumer product reviews that include nice Harvey Ball charts than I do with security stats. But this month's issue includes their annual State of the Net survey with some interesting security tidbits.

According to their survey of ~ 2000 households, over the past two years American consumers have:

  • lost almost $8.5 billion to cybercrime
  • replaced about 2.1 million computers because of viruses, spyware, and e-mail scams

The latter stat frankly surprised me. I had no idea that people replaced their PCs to avoid malware at that level.

Missing from CR's analysis and advice is the realization that consumers are increasingly victims due to breaches at organizations that house their data, not because of malware that has infected their computer.

Surveys like this one, whose data suggests malware infections are down, don't necessarily indicate anything about the safety of our personal information or the state of cybersecurity in general.

Indeed, breach statistics (like these), even if one could somehow account for the increased reporting effect of mandated disclosure, suggest that personal information is less secure than ever.

I certainly wouldn't advocate lax security on consumer PCs. But if the goal is to protect our personal information, tweaking our malware protection may not be the answer. Our time may better be spent pressuring those that store our data to protect it.

Application Security, Inc. provides database security solutions for the enterprise and was named to Inc. Magazine's 2007 list of America's Fastest Growing Private Companies (Inc. 500). Its products proactively secure databases and deliver up-to-date database protection that minimizes risk for companies.