The Agency Insider with Linda McGlasson

The Twelve Days of Breachmas

The Twelve Days of Breachmas

Sitting down at your desk wondering how you're going to get your info sec budget through the next finance meeting unscathed and still manage to meet all of your department's regulatory requirements? Well, I can assure you, you're not alone. But take this song sheet with you to the next budget meeting and sing it out loud where all the senior executives can hear it outside of the conference room. No, it may not be subtle, but hard times call for drastic measures, and you can't have your budget cut any further, am I right?

My apologies to lyricists everywhere, but this time of year lends ample fodder for the non-musically inclined to play with all the ways a breach occurs at companies everywhere. Grab your bottle of Maalox and hum along. Remember that it's just a song, not what could happen...or is it? Well, I can't answer for other institutions, but I'm sure you've not got a single worry about a data breach happening at your institution.

The Twelve Days of Breachmas

On the first day of Breachmas my employees gave to me: one missing laptop loaded with all our new enrollees.

On the second day of Breachmas my employees gave to me: two unshredded data records in the trash and a missing laptop loaded with all our new enrollees.

On the third day of Breachmas my employees gave to me: three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the fourth day of Breachmas my employees gave to me: four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the fifth day of Breachmas my employees gave to me: five banker Trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the sixth day of Breachmas my employees gave to me: six hackers a-hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the seventh day of Breachmas, my employees gave to me: seven insiders a-thieving, six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the eighth day of Breachmas my employees gave to me: eight stolen passwords, seven insiders a-thieving; six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the ninth day of breachmas my employees gave to me: nine phishing emails, eight stolen passwords, seven insiders a-thieving; six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the tenth day of breachmas my employees gave to me: ten thumbdrives a-missing; nine phishing emails, eight stolen passwords, seven insiders a-thieving, six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the eleventh day of breachmas my employees gave to me: eleven lawyers litigating, ten thumbdrives a-missing; nine phishing emails, eight stolen passwords, seven insiders a-thieving; six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

On the twelfth day of breachmas my employees gave to me: twelve regulators enforcing, eleven lawyers litigating, ten thumbdrives a-missing; nine phishing emails, eight stolen passwords, seven insiders a-thieving; six hackers hacking, five banker trojans, four botnets infecting, three unpatched servers, two unshredded data records and a missing laptop loaded with all our new enrollees.

Here's wishing everyone a more successful data protection year in 2009, and let's keep battling the bad guys by keeping our data -- and everyone else's -- safely tucked away, encrypted or not, from those that would like to steal, pilfer, pinch, lift or otherwise make off with it.



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.