T’was the Night Before the Breach (2021 Edition)

Mike Sheward
3 min readDec 14, 2021

--

T’was the night before the breach, when all through the venture-backed hybrid work collaboration suite, not a creature was stirring, not even the reminder to take some time for self-care and give yourself a treat.

The digital vaccine records were hung by the chimney with care, in hopes that HIPAA would not apply there.

The security team were nestled all snug in their beds, while visions of a fully patched client VPN appliance danced in their heads.

And CEO in her facemask, and CISO in his cap, had just settled their brains for a long winter’s nap.

When out of the single pane of glass monitoring tool there arose such a clatter, I sprang from the bed to see what was the matter.

Away to the computer I flew like a flash, a multifactor authentication challenge from my smartphone app it did dash.

The trails of CVE’s bouncing around on the screen, but I’d been told that our vendor had excellent security hygiene.

When, what to my wondering eyes should appear, but a note from the vendor explaining how they take our security seriously and dear.

With a jolly introduction, so lively and slick, I knew it was because they’d acquired some ransomware and it was moving around quick.

More rapid than eagles the apologies they came, I shrugged at them all, since I knew I’d have to do the same.

“Now CEO! Now, CFO! Now, Legal and Cyber Insurance Provider! Oh, Credit Monitoring! Oh, Service Desk! oh, and oh Customer Success! We’re very sorry, but our vendor got popped! Now dash them away! Dash them away! Dash them away all!”

As dry leaves that before the wild hurricane fly, when they meet with a backup, a restore they will try.

So up to the cloud backup provider they flew, in the hope of some unencrypted data that would get them through.

And then, in a twinkling, I heard on the Zoom, one of my analysts escort their barking dog from the room.

As I drew in my head, I told them to mute, I imagined the prepared statement that would give our reputation a reboot.

We take security extremely seriously, we promise our stuff is great. So we’re sorry credit monitoring is your fate.

This appears to have been the vendors fault, but ultimately someone just used credentials set by default.

My eyes-how they starred! My face how angry! My cheeks were like roses, and since it was ten minutes since I last ate, I started to raid the pantry.

The vendor, how could they not know, that changing the creds was the way to go?

Returning to the Zoom I gritted my teeth, my virtual background an illuminated Christmas wreath.

Someone told a joke while we worked, I looked down at my belly, it shook when I laughed, like a bowlful of jelly.

I was getting a little out of shape, even for me, perhaps I should actually get one of those Tonal things, if the supply chain would let it be?

A wink of her eye and a twist of her head, one of my engineers gave me to know I had nothing to dread.

She spoke not a word, but went straight to her work, and found all the critical files, restored them, and checked no bad actors continued to lurk.

And laying her finger aside of her nose, and giving a nod, up the boardroom she rose!

She sprang to her standing desk, to my team gave a whistle, and away they all flew like the down of a thistle.

But I heard her exclaim we were now secure, ‘ere she drove out of sight, “Happy incident free Christmas to all, and to all a good-night!”

Adapted from the 2020 version of T’was the night before the breach, which was adopted from T’was the night before the breach from a few years ago, which was of course adapted from the original poem, by Clement Clarke Moore.

--

--

Mike Sheward
Mike Sheward

Written by Mike Sheward

Information security professional specializing in SecOps, IR and Digital Forensics. Author of the Digital Forensic Diaries, and now, the Pen Test Diaries.

No responses yet