Best Practices to Cyber Proof your Business for the Holidays
Imagine this. It’s Christmas and your staff is off on the much-awaited family vacation. Your organization is running on a skeleton crew with a bare minimum number of employees keeping things functioning. And boom, you suddenly have a ransomware attack. And your worst nightmare comes true.
Think cyber attackers are chilling during the holiday season? Think again. A simple data breach can cost you as much as US$ 4.35 million as per IBM’s 2022 data breach report. And, the report specifies, if you’re in the US, the chances of a cyberattack are more than any other country.
Do you remember the infamous ransomware attack on Colonial Pipeline in May 2021? The DarkSide system intrusions dismounted the American fuel pipeline causing a week-long suspension and the organization paid $4.4 million in ransom.
But why do cyber attacks skyrocket during the holiday season?
3 Reasons Why Holidays are the Prime Time for Cyber Attacks
Skeleton IT crew
Unattended networks and short-staffed cyber security operation centers are the perfect playgrounds for cybercriminals. The vulnerability to cyber assaults is further aggravated by the commonality of automated out-of-office (OOO) emails.
With the sophisticated “spray and pray method”, hackers leverage the system vulnerabilities in hybrid workplaces and containerized environments. In simpler words, they use force multipliers like automation to send bulk OOO email responses to find out which employees are on leave, when they will return to work and read their emergency contact details.
Fewer employees not only make it easier for cybercriminals to launch phishing emails or Distributed denial of service (DDoS) attacks but also delays the organization’s response to cybersecurity incidents.
Second, on-duty employees are more distracted, missing out on cyber hygiene protocols. No wonder why human errors are one of the biggest reasons (82% according to Verizon) for data breaches.
Spear phishing is on the rise
IT employees are the biggest phishing targets and that’s not surprising. They are privy to some of the most sensitive information and have all sorts of privileges. Spear phishing is sophisticated and difficult to spot even for IT professionals because it’s personalized and carefully targeted. Threat actors insert themselves into ongoing exchanges or conversations using data they collect from compromised emails or chats, which pose a significant danger to businesses that are already struggling during the holiday season.
Highly strained networks
Speaking of struggles, the increase in online activities during the holidays intensively strain the networks making them prone to penetration. It’s easier to extort ransom or launch a DDoS attack on unprepared businesses.
In terms of strained networks, the FIFA World Cup is usually a magnet for these sorts of attacks as businesses in hospitality, travel, logistics, and other industries related to the event will be particularly vulnerable. With the current World Cup underway in Qatar, organizations in these sectors will need to be on high alert with malicious actors attempting to steal customer information and data.
The good news is, most cyber attacks are preventable if companies comply with the basic cybersecurity best practices.
Best Practices to Cyber-Proof your Organization’s Security
Understand your vulnerabilities in-depth
The first step towards implementing a cybersecurity policy is understanding your business’s strongholds and vulnerabilities. You can start by running asset discovery scans and making an inventory of devices, wireless networks, file servers, and production application servers.
Second, quarterly vulnerability risk assessments are imperative to highlight the missing patches, security gaps, and vulnerable software programs. Here’s a checklist to give you a headstart:
- Automated web application scans to highlight injection flaws, cross-site scripting, and invalidated input
- Host-based assessment to pinpoint server, misconfigurations, or workstation vulnerabilities. Host assessment is crucial to analyze the legacy systems and patch history of the scanned systems.
- Wireless assessment of point-of-attack in the company’s wireless systems.
Draft pre-planned incident responses
Putting in place an effective cyber attack response plan is a necessity to initiate an automated response during cyber threats. A pre-planned incident response relies on 3 key pillars:
- Create automated incident response plans and integrate SOAR (Security Orchestration, Automation, and Response) tools.
- Conduct cyber security tabletop exercises to test the incident response plan in real time. A few examples of tabletop exercises are:
- Failed patch deployment
- Malware and spyware infections
- Worm and virus response
- Active and inactive intrusion during SDLC
- Website and database denial of service
- Compromised cloud security
- External threats and unplanned attacks
- Compromised network with ransomware attacks
Review the effectiveness of the incident response to the tabletop exercises. Highlight the points of improvement and devise a future strategy.
Build employee awareness
Your employees are the biggest assets not just for you but also for cyber attackers.
Every employee, their activities, devices, and responses are the points of penetration for cyber threats. Educate your employees about cybersecurity policy, secure VPN connections and firewalls, and password security best practices. Additionally, make cybersecurity a shared responsibility between the company and its employees. Integrating the employees in tabletop exercises and having them execute the immediate and long-term plan in the case of an attack is the key.
Battle-proof your databases
Firstly, keep distributed access to resources and systems for immediate availability.
Second, perform extensive data and security assessments to identify any rogue databases, misconfigurations, and injection vulnerabilities.
Third, restrict access to data resources over remote desktop connections and keep offline data backup. For offline data backup, use the classic 3-2-1 strategy where two copies of data are stored on-site (mostly on Cloud) and a single copy is stored off-site.
Implement a cybersecurity strategy tailored to your business
Your cybersecurity strategy needs to be tailored based on the industry, company size, network security, IT systems, and software programs. It needs to meet your business goals and ultimately help you achieve higher value and ROI. For this, your strategy needs to seamlessly blend into the overall commercial strategy and business roadmap.
Be a part of the Purple Book Community and don’t let cyber threats ruin your holidays
To make an organization’s fortress immune to cyberattacks, a mindset shift is a prerequisite. To build the organization’s foundation on DevSecOps, a powerful resource to start with. These are the core beliefs of the Purple Book Community. We aspire to provide valuable resources to facilitate early-age adoption of AppSecOps and DevSecOps.
Twenty nine industry experts and security executives came together to author “The Purple Book of Software Security” to make that happen for you. Get your free book here.