T’was the Night Before the Breach (2020 Edition)

Mike Sheward
Dec 7, 2020

T’was the night before the breach, when all through the Slack, not a creature was stirring, not even the alerts channel that was yet to be dialed back.

The employee health questionnaires were hung by the chimney with care, in hopes that HIPAA would not apply there.

The security team were nestled all snug in their beds, while visions of zero trust networking solutions danced in their heads.

And CEO in her ‘kerchief, and CISO in his cap, had just settled their brains for a long winter’s nap.

When out of the EDR there arose such a clatter, I sprang from the bed to see what was the matter.

Away to the computer I flew like a flash, a SAML assertion sent from the identity provider’s cache.

The indicators of compromise suggested someone doing crimes, something unprecedented in even the most unprecedented of times.

When, what to my wondering eyes should appear, but an email from the EDR account exec suggesting we meet on Zoom for a virtual beer.

With a jolly introduction, so lively and slick, I knew it was because we’d exceeded our licensed host arithmetic.

More rapid than eagles the calendar invitations they came, I declined them all in the hope my inbox I could reclaim.

“Now Solutions Engineer! Now, Account Exec! Now, Customer Success and Marketing Case Study person! Oh, Value Added Reseller! Oh, Technical Support! oh, and oh Solutions Architect! I appreciate you reaching out, but now is not the time! Now dash them away! Dash them away! Dash them away all!”

As dry leaves that before the wild hurricane fly, when they meet with an obstacle, a new approach they will try.

So up to my direct report they flew, in the hope of some attention that would get them more revenue.

And then, in a twinkling, I heard on the Zoom, one of my analysts escort their barking dog from the room.

As I drew in my head, I told them to mute, I imagined the prepared statement that would give our reputation a reboot.

We take security extremely seriously, we promise our stuff is great. So we’re sorry credit monitoring is your fate.

This appears to have been the result of a sophisticated state-sponsored hack, but ultimately someone just pasted credentials in the wrong Slack.

My eyes, how they starred! My face how angry! My cheeks were like roses, and since it was ten minutes since I last ate, I started to raid the pantry.

The user, how could they not know, that improper distribution of creds was not the way to go?

Returning to the Zoom I gritted my teeth, my virtual background an illuminated Christmas wreath.

Someone told a joke while we worked, I looked down at my belly, it shook when I laughed, like a bowlful of jelly.

I was getting a little out of shape, even for me, perhaps I should actually get a Peloton so I can do that ride with Queen Bee?

A wink of her eye and a twist of her head, one of my engineers gave me to know I had nothing to dread.

She spoke not a word, but went straight to her work, and found all the compromised credentials, rotated them and checked no bad sessions continued to lurk.

And laying her finger aside of her nose, and giving a nod, up the boardroom she rose!

She sprang to her standing desk, to my team gave a whistle, and away they all flew like the down of a thistle.

But I heard her exclaim we were now secure, ‘ere she drove out of sight, “Happy incident free Christmas to all, and to all a good-night!”

Adapted from the original version of T’was the night before the breach from a few years ago, which was of course adapted from the original poem, by Clement Clarke Moore.


Mike Sheward

Information security professional specializing in SecOps, IR and Digital Forensics. Author of the Digital Forensic Diaries, and now, the Pen Test Diaries.