As you can see from these examples — all of which occurred within the last 12 months — cybercriminals are spoilt for choice regarding how to attack and disrupt businesses and their customers.
When businesses slow down, cybersecurity should ramp up
While we might typically associate increased cybercrime with the retail sector at Christmas, organisations in the non-retail space should not be complacent. End-of-year employee fatigue combined with a period of office shutdown or skeleton staff can be equally beneficial for cybercriminals.
During this time, especially with a reduced IT staff, alerts about identified vulnerabilities or new patches that require immediate implementation might only be acted upon after 1 January. This window of opportunity can mean that if an attack is successful, there may be a significant delay between the incident and its discovery. In the event of a data breach, this could lead to serious consequences, as time is of the essence for damage limitation.
Here are some key IT considerations for the countdown to the Christmas break:
- Keep your systems up-to-date
Check your firewall, anti-virus software, and data backup. Ensure systems are appropriately patched and running the most up-to-date versions of software. Conduct a pre-holiday audit to validate the latest infrastructure updates and fix vulnerabilities. Diligence in applying vulnerability patches should be as robust during the holidays as the rest of the year.
- Conduct phishing simulation training
Phishing emails have become even more sophisticated with the arrival of AI, which cyber-attackers are now using to produce more professional and authentic-looking messaging. This places even greater importance on phishing simulation training to help employees learn to identify malicious emails, links, and attachments, and safe ways to verify the identity of legitimate senders.
- Implement a zero-trust architecture
Based on the principle, ‘never trust, always verify’, a zero-trust architecture limits privileges and requires all actors within a network to be authenticated before being able to access data. In other words, it authenticates and authorises every interaction between a network and a user/device rather than allowing them to move freely within the network once granted access. In this way, a zero-trust environment can not only help prevent cyber-attacks but it can also lessen the impact if an incident occurs.
- Review your cyber response plan
A cyber response plan ensures that everyone knows what they must do should a cyber incident occur, helping prevent delays in trying to organise a team to fix the problem and/or manage a data breach. When you have a detailed plan in place, you can make alterations to accommodate staffing changes over the holiday period, including having a response team that is available 24/7.
Remember, we are here to support our clients in proactively managing cyber risk all year round. To help achieve this, we offer a package of cybersecurity services, including vulnerability scanning, penetration testing, phishing simulation training, and incident response planning.
Please get in touch with the team if you would like to know more. We wish you a safe and happy festive break.