BY YUSUPH KILEO
WE’RE coming to the holiday season also known as the season of distraction, which makes the holidays the perfect time for hackers to focus on our business.
In this time of the year, employees are excited about the holidays and taking time off to be with their loved ones while hackers are gearing up for their busy season. In fact, the holiday season is when hackers are the most active
During the InfoSec dialogue which took place in South Africa, we strongly agreed that there is a need to enhance international cooperation to combat cybercrime, build meaningful Public-Private partnership for cybersecurity & Improve cyber capacity building for sustainable development.According to statista, during the third quarter of 2022, approximately 15 million data records were exposed worldwide through data breaches.
This figure had increased by 37 percent compared to the previous quarter. This shows that the cyber attacks are yet gaining momentum forcing many organization to think of new ways to fortify their cybersecurity.
Studies show a 30% increase in ransomware attacks, and a 70% increase in attempted ransomware attacks during the holiday season in 2021 compared to the monthly average. It is clear that the holiday season exposes many organizations to an increased risk of cyber-attacks.
In a recent headline we have seen a massive number of cyberattacks targeting financial institutions, healthcare sectors, intellectual, and government sectors. The most common cyber security threats and poses a serious cyber threat to businesses of all sizes are phishing attacks and ransomware attack.
Phishing attack is growing more advanced, many employees don’t have the skills to identify a phishing email while ransomware is considered to be one of the biggest cyber security threats in 2022.
Ransomware attacks work by infecting your network and locking down your data and computer systems until a ransom is paid to the hacker.
There are a few reasons for increased malicious activity around the holidays: IT staff, like other employees, take PTO, so enterprises are understaffed compared to a normal work week.
In December, people tend to experience burnout after a busy year causing some to relax their normally good cybersecurity posture.
Employees also are in a rush to finish projects before ringing in the New Year, which can lead to mistakes.
Enterprises often hire contractors to fill some staffing positions, and these temporary employees might not be familiar with company policies and procedures.
Combined, these factors create a perfect storm for hackers to execute successful cyberattacks.
Given this threat landscape, what can companies do right now to prepare for the holiday hacking season?
Here are five actions they can take immediately to shore up their defenses:
Pause large changes in your security stack: IT changes that may not have been fully tested can create vulnerabilities. While it might be tempting to rush things out the door to achieve a clean slate going into the New Year, doing so will create significant security risks as weak systems can present security gaps that cybercriminals can easily exploit.
If it won’t hurt the business, consider delaying any IT changes until the new year, when staff is back, recharged after their break and ready to give their full attention to testing.
Ensure contractors are up to speed on company policies and procedures: Many companies hire contractors to fill staff shortages around the holiday season.
While this is great from a business standpoint, it can be troublesome from a security perspective, as temporary or contract workers might not be as knowledgeable or vigilant about cybersecurity policies and practices.
Additionally, they likely have not gone through the same cybersecurity training as full-time employees. To reduce risks associated with contract workers, ensure they have been briefed on the company’s security policies and give them short trainings on vulnerability management.
A little time spent on cybersecurity education and awareness can go a long way in preventing mistakes while they’re working on the network for a few weeks.
Subscribe to a threat intelligence offering: Security is a collaborative effort, and your company does not have to go it alone.
Threat intelligence offerings are available to help you understand current threats making the rounds, so you can identify which present the most risk to your company.
When you know attackers’ threat vectors, motives and targets, you can better prepare your organization and respond faster in the event of an attack. The research is already done and out there — you just need to access and take advantage of it.
For the third consecutive year, data breaches increased when compared to Q1 of the previous year — According to the…
medium.com
Carefully watch traffic coming into the security operations center (SOC): Making sure the traffic coming into the SOC is normal and expected is of utmost importance. If anything seems abnormal, make sure to investigate it immediately, as unusual activity could mean a bad actor is trying to penetrate your network.
Monitoring traffic is a practice that is important year-round, but it’s especially critical during this time of year when companies typically experience increased traffic volumes. Additionally, communication across teams in this regard is key, as people are in and out of the office for the holidays.
Communicate safe IoT stewardship while employees are home: Many employees will receive connected devices as gifts this holiday season, and while they provide many benefits, they also introduce security risks — and not just from a consumer perspective.
Subscribe to : https://www.youtube.com/@KileoYCyber
With a large remote/hybrid workforce still dominant across enterprises, people could reach for their corporate laptop first to plug in that new drone or IoT-enabled smart watch.
Clearly communicating to employees to leave their work laptops safely stored away can prevent insecure devices from compromising corporate networks.
(Yusuph Kileo is an expert in the field of Cybersecurity and digital forensics).