Don’t give me no jibber-jabber, fool.
Posted by Ed in Analysis on Feb 3, 2009
For the past couple years, I’ve been telling everyone that no, I don’t want a GPS. To appreciate why that’s unusual, you have to understand that my sense of direction is terrible. I can get lost in a supermarket. But then, someone got me a GPS anyway – and when I found out you could download and install Mr. T’s voice into the thing… well, I just had to have it – even at the relatively steep 12 dollar fee. And now I do.
As you might expect, while Mr. T is awesome, his voice can get a little irritating after a few uses. He yells at you, berates you, tells you not to give him any jibber-jabber, and calls you a fool. He’s basically just being Mr. T. But since I paid the 12 bucks already, there’s no way I’m going to turn it off. However, it’s irritating enough that if the thing is on, you’re listening to what it’s saying.
So what does this have to do with anything? I bring it up because I think it’s an appropriate metaphor for something that I saw today with infosec. First, I came across this article where X-Force says that Web Applications are the Achilles heel of business. True? Maybe. It sure sounds good – there do seem to be a bunch of issues with web apps. But basically it’s all a conclusion drawn from a relatively small amount of data.
Then I came across this study that says that 88 percent of data breaches are caused by internal negligence. Hmm…
If you accept for a moment that data breaches are one barometer of overall security, why would it be the case that Web Applications are the Achilles heel? Wouldn’t it be the case that negligence of internal staff – apparently accounting for about 90 percent of the issues reported – was the Achilles heel?
My point is… if there’s all this data collecting going on – why isn’t it being used to draw the conclusions?


