Read a security briefing today on data breaches.

The author had a great sense of humor:

"We define who is behind the data breach as the threat actor. You may have different and less G-rated names for them, which is fine - we do not judge."

"Some people will click an attachment faster than Harry Turner". I actually had to look that one up:

'If you are perusing this fine report and have not heard about ransomware, let us be the first to say, "Congratulations on being unfrozen from that glacier!"'

Under a map of the world showing botnet infections by country: "Note: We didn't normalize this by population. We're trying to impress the global natures of the victims, not pit countries against each other."

"So, what about the malware you do see? At least 37% of malware hashes appear once, never to be see again, not unlike praise from your boss."

"Malware - it won't always look the same, like your brother when he uses the combover, it can and will attempt to change its appearance."

"You know you've heard it. So have we. 'DDoSs are used to cover up real breaches.' Not unlike 'the government is covering up evidence of alien visitation', it is often heard but not so easy to prove."

"Amplication attacks take advantage of the ability to send small spoofed packets to services that, as part of their normal operation, will in turn reply back to the victim with a much larger response. It is similar to asking a friend 'How are you?' and then receiving a twenty-minute response about the price of gas, how much they love CrossFit, their cat's hairball problem, etc."

"Some industries handle ... payment card data, some have databases full to the brim with [personal info], some protect classified information, and some are lucky enough to do all of the above."

"Don't expect a mint on your pillow or a nightly offer of a 'turndown service' from hackers to alert you to their presence. Breaches aren't discovered for months in 96% of cases"

"... the percentage of hacking drops to 44%. If your favorite number is 44, you will be happy to know that the use of backdoor ... and use of stolen credentials were present 44% of the time in the aforementioned 44%"

"If we were to assess the ... Healthcare vertical with regard to security, [something] along the lines of 'greatly improve your diet, stop smoking, and increase your workout routine or else' would cover it"

"With regard to incidents Healthcare is almost seven times more likely to feature a casual error than other verticals ... but you might not want to ponder that when you go in to get that appendix removed."

"Have you ever had a deep and meaningful thought, and then some time later read the same thought expressed better by someone who had been dead for centuries? D'oh!"

"[Visualize breaches] as a game of golf. The golfer [aims] to reach your ... sensitive data (located in the cup). They bring ... their skill, the right clubs ... and almost certainly a flat-brimmed Rickey Fowler cap. The victim organization is the course designer ... they can use sand traps, water hazards, pin placement and so on in order to prevent the attacker from scoring par (or god forbid a birdie) on that hole."