At the beginning of this year, a set of powerhouse organizations in cybersecurity (CSO Magazine, Deloitte, Carnegie Mellon's CERT program, and the U.S. Secret Service) released the results of a survey of 523 business and government executives, professionals and consultants in the ICT management field.
The media coverage generated by this survey provides an unusally clear illustration of how cyber security discourse has become willfully detached from facts. It shows clearly how there is an organized industrial and political imperative to drill into our heads the idea that the Internet is a dangerous thing and its threats are spiralling upwards at an uncontrollable rate. It doesn't matter what facts are uncovered, they are all interpreted to support this preconception.
With that intro, here is the lead sentence from the January 25 2010 Carnegie-Mellon University news release about the 2010 CyberSecurity Watch Survey: “Cybercrime threats posed to targeted organizations are increasing faster than many organizations can combat them, according to the 2010 CyberSecurity Watch Survey…”
Stop right there. A careful review of both the survey and the ensuing responses to it quickly reveals that that conclusion did NOT come from the survey itself, and was not supported by its data.