It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks.
So how can you take precautions to protect your organization during these times?
Why holidays put your company at risk of cyberattack
Attackers today do not have a soft spot for businesses and give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack.
Most end-users do not think about cybersecurity when surfing the web or receiving emails with holiday deals during the season. As a result, many let their guard down to a certain degree and become preoccupied and distracted more than usual. Increased distraction from the end-user perspective and less scrutiny of emails and websites where holiday discounts and offers may be displayed can provide the perfect opportunity for attackers using phishing scams or malicious advertisements.
Additionally, IT operations and SecOps teams may be short-staffed with staff out on vacation during the holidays. It creates a situation of increased risk to business-critical data with potentially fewer resources to help mitigate risks and breaches if they happen.
Earlier this year, the FBI and Cybersecurity & Infrastructure Security Agency released a general alert for increased vigilance for ransomware attacks during holidays. You can read the warning here: Ransomware Awareness for Holidays and Weekends | CISA. In part, it states:
“The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021.”
With upcoming holidays in the U.S. and worldwide, organizations must remain vigilant and on guard to protect against many forms of attack. Let’s look at the following common cybersecurity risks during this holiday season:
- Phishing email
- Data breach
- Distributed Denial of Service (DDoS)
- Breached passwords
images from Hacker News