Green Eggs and SPAM - Efficient Incident Response

Risks are not the same as threats.
Malware doesn’t matter (so much).
Focus on what is important, and communicate.

There once was some data on a computer
Created by a user that nobody knew
It was taken by someone who didn't exist
And that's when the incident grew

Two other computers had malware
Another had anomalous comms
To blacklisted IP addresses
So everyone worried about (logic) bombs

...and droppers, downloaders and Trojans
Anonymous, the Chinese, and Shamoon...

But no one stepped back for a second
to try to think the whole thing through.

Turned out that the computer was accessed
by Bob in accounting that night
Because Tom in accounting was promoted
And Bob thought that just wasn't right

So while the company focused on China,
And tried to work out why Iran was involved
And spent lots of money on vendors
The incident could have been solved...

By taking a look at what happened
Not jumping the gun to decide
That malware was the root of the problem
While Bob got away with his crime.

Click here for more information about what we mean.