Happy Blame Someone Else Day
In cybersecurity, each day a company experiences a data breach, it appears to be #BlameSomeoneElseDay
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt31f41a548a2265b8/64f0da9475105054e6d7c4f6/01-image.png?width=700&auto=webp&quality=80&disable=upscale)
Today is an unusual day, for sure. It’s most likely a holiday most of us have missed. Even though it takes place on Friday the 13th, it’s not about being superstitious. It’s actually about blaming someone else.
So, here’s to you—Happy Blame Somebody Else Day!
What is this holiday, you ask? National Blame Someone Else Day is an “unofficial” national holiday always celebrated on the first Friday the 13th of the year. It was invented due to an alarm clock failing to go off, hence creating a domino effect of bad luck events throughout the day.
According to the National Day Calendar, the way to celebrate is self-explanatory in the name, and not much more needs to be said. If you don’t want to blame someone, you can choose to place the blame on something.
Speaking of blame, “accountability in security” is an ongoing issue. It seems that internal teams at organizations are always trying to point the finger elsewhere if something bad occurs—especially if the organization is a victim of an attack. This brings to mind the old adage “When You Point a Finger at Someone, There Are Three More Pointing Back at You” —Unknown.
The actual visual would be a room full of people pointing at each other, no one accepting responsibility.
In cybersecurity, the day a company experiences a data breach appears to be their very own #BlameSomeoneElseDay:
Blame Poor or Missing Risk Assessments
Blame a Lack of Funding
Blame the Tools
Blame Bad Behavior
Blame a Lack of Communication
Blame a Poor Reporting Structure
Blame the Lack of Awareness
Blame the Bad Decision(-Maker)
Blame the Short-Term Fix
Blame a Lack of Metrics
Blame the Third-Party Vendor
Blame Everybody Else
Blame a Magician
The team at imsmartin would like to thank the experts from the following companies that helped to make this “lucky 13” slideshow possible: Armor, Citrix, Palo Alto Networks, Rook Security, and WhiteHat Security.
Each expert shared their thoughts on where blame occurs and why blaming someone or something else is a bad idea …. even if it happens to be on Blame Someone Else Day.
In case you were wondering, the official hashtag for this holiday is #BlameSomeoneElseDay.
Daniel Ford, Forensic Analyst and Security Engineer, Rook Security
"Security teams take a lot of time to procure and implement security solutions, but as time goes on, these tools get neglected and become useless. Companies need to be more responsible in taking care of these tools and monitoring alerts that come from them."
Kurt Hagerman, CISO, Armor
"Operationalize risk management and make it a part of everyday business. Encourage all employees to report issues they believe put the company at risk and have these all reviewed by a risk board that includes stakeholders from every department."
Kurt Hagerman, CISO, Armor
"Ensure that the CISO does not report up through IT/CIO and has at least a dotted line to the Board to enable timely reporting of risk issues without them being filtered."
Mike Patterson, Vice President of Strategy, Rook Security
"We didn't cause a breach, our vendor did. While it may feel slightly comforting that a breach wasn't directly caused by your organization, the reality is that it is still your organization's responsibility to vet the security programs of your partners, vendors, and suppliers. Some well-known breaches have occurred because third-parties were either breached directly or had their credentials lifted to ultimately breach the main target."
Organizations need to take control of their supply chain and mandate minimum security requirements in order to receive or do business (and have them regularly attest). This includes law firms, banks, credit bureaus, accounting firms, cloud applications, payroll outsourcing, contract manufacturers and many others. If your sensitive data is in the hands of another organization, you need to validate their security posture or be prepared to take your business elsewhere. Smart organizations are already doing just that."
Today is an unusual day, for sure. It’s most likely a holiday most of us have missed. Even though it takes place on Friday the 13th, it’s not about being superstitious. It’s actually about blaming someone else.
So, here’s to you—Happy Blame Somebody Else Day!
What is this holiday, you ask? National Blame Someone Else Day is an “unofficial” national holiday always celebrated on the first Friday the 13th of the year. It was invented due to an alarm clock failing to go off, hence creating a domino effect of bad luck events throughout the day.
According to the National Day Calendar, the way to celebrate is self-explanatory in the name, and not much more needs to be said. If you don’t want to blame someone, you can choose to place the blame on something.
Speaking of blame, “accountability in security” is an ongoing issue. It seems that internal teams at organizations are always trying to point the finger elsewhere if something bad occurs—especially if the organization is a victim of an attack. This brings to mind the old adage “When You Point a Finger at Someone, There Are Three More Pointing Back at You” —Unknown.
The actual visual would be a room full of people pointing at each other, no one accepting responsibility.
In cybersecurity, the day a company experiences a data breach appears to be their very own #BlameSomeoneElseDay:
Blame Poor or Missing Risk Assessments
Blame a Lack of Funding
Blame the Tools
Blame Bad Behavior
Blame a Lack of Communication
Blame a Poor Reporting Structure
Blame the Lack of Awareness
Blame the Bad Decision(-Maker)
Blame the Short-Term Fix
Blame a Lack of Metrics
Blame the Third-Party Vendor
Blame Everybody Else
Blame a Magician
The team at imsmartin would like to thank the experts from the following companies that helped to make this “lucky 13” slideshow possible: Armor, Citrix, Palo Alto Networks, Rook Security, and WhiteHat Security.
Each expert shared their thoughts on where blame occurs and why blaming someone or something else is a bad idea …. even if it happens to be on Blame Someone Else Day.
In case you were wondering, the official hashtag for this holiday is #BlameSomeoneElseDay.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024