It’s that glorious time of year; we’re spending time with loved ones, going to parties, exchanging gifts and probably taking some time off work.
And there’s always someone out there to spoil it.
For many people, December is a rush of activity; they are distracted by festivities and plans, and work tends to fall a couple of rungs down the priority ladder. These distractions provide the perfect cover for cybercriminals to make their move (you may have seen notices from various national cyber and crime departments – here’s one from the FBI in the US).
So, here is your timely reminder about staying on your toes, even when things get a little hectic. Truthfully, this isn’t just about December, it’s about anytime you might have your mind on something else.
Here’s an example. When we talk about Business Email Compromise scams, we always tell our clients that they should be particularly vigilant before time off, or even the weekend. If someone is planning to convince you to send them thousands or millions of pounds, they already know your schedule and that you’re likely to be so busy wrapping things up that you might just let something slip by. Other scams may include deliveries and parties that open the way for social engineering opportunities and emails offering amazing prizes that are just too good to be true.
This is no different for ransomware, which often comes via a phishing email. And while the office is working with a skeleton crew (i.e. while half the team is off on holiday), it’s the best time to strike. Hackers don’t really do annual leave.
Mitigating the risk
We recommend the usual mitigation activities, including:
- Ensuring you have an offline backup of your data (and certainly a process to do this regularly).
- Providing your staff with awareness training so they know what to be on the look out for.
- Patching your software and infrastructure! Put in place a patching process and then adhere to it.
- Putting in place a strong password policy and enable Multi-Factor Authentication and then make sure your staff stick to it.
- Testing your defences regularly; keep up-to-date with the ever changing threats from criminals who don’t take holidays.
- Reviewing your Identity and Access Management policy to make sure your workforce can only access what they need to as this gives cyber criminals fewer options if they do happen to breach your defences.
But when it comes to managing an attack or breach:
Have an Incident Response plan: Incident response isn’t perfect on a normal day, but imagine a day where the SOC has fewer staff than usual or the security team are short-staffed and thought everything might be ok for “just that one weekend”. To counter this, your Incident Response plan should have considerations for a skeleton crew—like during the holiday season and on weekends. It’s also very important to ensure you hire a diverse team, as this can generally alleviate staffing issues for a multitude of reasons and it broadens the capabilities of the team as they share ways of thinking and experiences.
Have an on-call process: What happens if disaster strikes and the back up staff have been relaxing by the pool with a margarita in hand? If you have team members on call, make sure the rules are clear.
The right technology: The human element of incident response is pretty important, but so are the tools. Ensuring that your organisation has the right tools in place (and that might be a managed service provider or your own internal SOC) and that those tools are configured correctly.
Don’t be complacent
Importantly—and we do say this a lot—don’t ‘set and forget’ any of the digital security measures you put in place. Cyber criminals don’t stop for the weekend or for the holidays and they are always looking for a way to get access to your networks and systems. If you would like to talk about setting up, testing or improving your defences, we would be happy to help.
Contact us to talk about what you need.
Cyber 101: Cyber Awareness Month
Over the years, we have developed a range of content with the aim of educating organisations on cyber security threats and helping them defend their assets and reputation, so for us every month is Cyber Security Awareness Month.
Hacks and Libel - Digital Threat Digest
On 26 September, Semafor published a lengthy article written by Jay Solomon claiming that a series of Iranian-American analysts and advisors to the Biden administration had been compromised as part of a long-running Iranian influence operation.
How to manage the digital frontier? - Digital Threat Digest
These days, there seems to be a variety of digital technologies on the horizon that are poised to disrupt the way we live our everyday lives.