The Twelve Days of Breachmas
Sitting down at your desk wondering how you're going to get your info sec budget through the next finance meeting unscathed and still manage to meet all of your department's regulatory requirements? Well, I can assure you, you're not alone. But take this song sheet with you to the next budget meeting and sing it out loud where all the senior executives can hear it outside of the conference room. No, it may not be subtle, but hard times call for drastic measures, and you can't have your budget cut any further, am I right?
My apologies to lyricists everywhere, but this time of year lends ample fodder for the non-musically inclined to play with all the ways a breach occurs at companies everywhere. Grab your bottle of Maalox and hum along. Remember that it's just a song, not what could happen...or is it? Well, I can't answer for other institutions, but I'm sure you've not got a single worry about a data breach happening at your institution.
The Twelve Days of Breachmas
On the first day of Breachmas my employees gave to me: one missing laptop loaded with all our new enrollees.
On the second day of Breachmas my employees gave to me: two unshredded data records in the trash and a missing laptop loaded with all our new enrollees.
On the third day of Breachmas my employees gave to me: three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the fourth day of Breachmas my employees gave to me: four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the fifth day of Breachmas my employees gave to me: five banker Trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the sixth day of Breachmas my employees gave to me: six hackers a-hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the seventh day of Breachmas, my employees gave to me: seven insiders a-thieving, six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the eighth day of Breachmas my employees gave to me: eight stolen passwords, seven insiders a-thieving; six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the ninth day of breachmas my employees gave to me: nine phishing emails, eight stolen passwords, seven insiders a-thieving; six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the tenth day of breachmas my employees gave to me: ten thumbdrives a-missing; nine phishing emails, eight stolen passwords, seven insiders a-thieving, six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the eleventh day of breachmas my employees gave to me: eleven lawyers litigating, ten thumbdrives a-missing; nine phishing emails, eight stolen passwords, seven insiders a-thieving; six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
On the twelfth day of breachmas my employees gave to me: twelve regulators enforcing, eleven lawyers litigating, ten thumbdrives a-missing; nine phishing emails, eight stolen passwords, seven insiders a-thieving; six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.
Here's wishing everyone a more successful data protection year in 2009, and let's keep battling the bad guys by keeping our data -- and everyone else's -- safely tucked away, encrypted or not, from those that would like to steal, pilfer, pinch, lift or otherwise make off with it.