This pattern of behaviour has been observed before, with the most notable incident being the SolarWinds breach that took place between Christmas and New Year in 2020. This breach, which targeted the company’s Orion software, compromised thousands of clients globally, including key government agencies and top-tier corporations. The orchestrated campaign was not only a wake-up call for IT professionals, but a vivid reminder of the cyber security vulnerabilities that emerge when the usual vigilance wanes during the holiday season.
This time of year provides the perfect scenario for cybercriminals. Reduced staffing, delayed response times, and the general complacency that comes with the festive season create an ideal environment for attacks. To ensure smooth operational continuity during the high-activity holiday season, many organizations adopt a ‘change freeze’ on their IT systems. This is where planned updates to the IT environment are postponed while other priorities are taken care of, which inadvertently creates gaps in cyber security. Essential updates and patches are delayed, leaving systems exposed to known risks. The SolarWinds incident is a stark example of how such vulnerabilities can be exploited, highlighting the need for a more nuanced approach to IT management during these periods.
In addition, the festive season often coincides with reduced staffing levels. This decrease in personnel substantially affects the ability to effectively monitor, detect, and respond to emerging cyber threats. Not all companies have a third-party Security Operations Center (SOC), let alone one in-house, and many SOCs only run during business hours. This lack of continuous monitoring becomes even more apparent at the end of the year, again as was evident in the SolarWinds case.
Rise of holiday-themed phishing scams
The holiday season creates a surge in phishing scams aimed at exploiting the general atmosphere of urgency and distraction in organizations. The Phishmas: Direct Deposit Scam, reported by Avanan, a Check Point company, is an example where attackers used this time of year to impersonate employees and make changes to financial transactions. In this scam, attackers posed as employees asking HR or their managers to change direct deposit information, redirecting salary payments to an account under the attackers' control. These scams are particularly insidious during the holidays and require heightened awareness and preventive measures.
How businesses can stay safe over the holidays
Here are some tips to help businesses stay cyber safe over the holidays:
- Employee training: conduct cyber security awareness training for employees to educate them on potential threats and best practices. This is especially important for any stand-ins covering for absent colleagues, who may not have full visibility of systems and processes because of the access rights they hold.
- Update and patch systems: although some implement a change freeze during this time of year, organizations should regularly update and patch all software where possible, including operating systems and applications, to address known vulnerabilities.
- Secure remote work environments: if employees are working remotely over the festive period, ensure that their home networks are secure. Implement virtual private networks (VPNs) to encrypt data transmission and use multi-factor authentication (MFA) for access.
- Phishing awareness: it is important to warn employees about holiday-themed phishing scams, such as fake promotions or shipping notifications. Encourage them to verify the authenticity of emails and avoid clicking on suspicious links.
- Monitor network activity: deploy network monitoring tools to detect and respond to unusual activity promptly. Set up alerts for any suspicious login attempts or unauthorised access.
- Data backups: you should regularly back up critical business data and ensure that those backups are stored securely. Test data restoration processes to guarantee that backups can be successfully recovered if needed.
- Collaborate with vendors: if your business relies on third-party vendors or service providers, ensure they adhere to robust security practices. Verify their security measures and communicate your expectations regarding data protection.
Article provided by Check Point.