This holiday season, like in years past, will prove plentiful for many businesses, regretfully, so will it for the bad guys. We have already entered the holiday marathon stretch, with Cyber Monday and Black Friday upon us. As the retail and tourism businesses cash in on holiday consumers, organized criminals and other threat actors anticipate the holiday season and prepare themselves diligently. They seek out weaknesses and learn the landscape meticulously to seek out their share of the season’s wealth. With our attention elsewhere, and so much "noise" to blend in, the potential opportunities are too enticing to pass on by cyber criminals.So how can businesses prepare themselves for this ever threatening and scaling problem? We’ve come up with a tactical approach to help you prepare for the holidays, by implementing quick and easy fixes to help your organization keep safe this holiday season.
1. Follow threat actor chatter
Find out what threat actors are talking about. You can do so by getting access to both open and underground forums in both the dark web and open web where threat actors offer fraudulent services. This will help you identify if you are targeted, understand their methods as well as gain access to their tools. Once you have identified the pattern, then you can adjust your internal procedures and controls accordingly.
2. Raise the awareness level
Everyone is hyped and understand the need to prepare for inevitable danger. According to Alexander Gitsin, our Cyber and Information Security Architect, "we need to raise the internal 'threat and awareness level' for SOC teams, disaster management and availability of key personnel alike. You need your team ready for any signs of possible intrusions."
Now is a prime time to hold a holiday refresher training campaign. Hold a session that is focused on providing your employees with the best practices for cyber security, especially during this time of year. Offering such training can help you avoid common risks like phishing scams and unintentional data leakage of customer information. The holiday season is commonly known for phishing attacks so beware and watch those inboxes!
Aside for employees, consider sending the same type of message to your customers to raise awareness with them as well.
3. Have a plan
Especially during the holiday season when businesses are most vulnerable due to hackers on the prowl, you need to make sure you are ready. Regardless of implementing preventative and detection cyber security capabilities, having a post-incident response plan in place is the most critical step in today's digital age. Having a plan of action allows your business to react quickly to an attack. No matter how prepared you think you are, no cyber security measure is infallible, having a plan in place will make the difference between having a contained event or an out of control disaster. This way, in the heat of the moment you will be able to respond quickly in order to keep attackers from causing further damage.
Practice procedures should be carried out according to your top 3 likely playbooks, such as brute force attacks or credential staffing. You should even consider running several tabletop exercises to make sure all the stakeholders are fully acquainted with their roles.
In case of breach, be sure to check out our "You have been breached now what" response guide.
"Implementing CAPTCHA is a quick and easy solution to prevent attacks like credential stuffing, which does not have a huge impact on user experience", says Adi Peretz, Senior Strategic Consultant and Head of Research.
4. Backup your data
You should already have your data backed up, but if you don’t- do it pronto! Make sure to regularly backup your data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files accounts receivable/payable files and any other data that you as a business consider critical. Where possible, backup data automatically, or at least weekly and keep the copies either offsite or in the cloud for redundancy.
5. Have a top-notch security expert ready
In some cases, especially in an emergency, you want to make sure you have an expert to back you up and be ready when you need them. Cyber security experts are a scarce resource and seem to always be lacking when you need them most. Not to mention the already stretched out internal security resources you have to deal with your daily challenges. In some cases, especially in an emergency, you want to make sure you have an expert to back you up and be ready when you need them. Cyber security experts are a scarce resource and seem to always be lacking when you need them most. Not to mention the already stretched out internal security resources you have to deal with your daily challenges. Finding a cyber security vendor or expert that will be there when you need them most is important, even more so when it comes to this peak season.
That about sums it up, these quick fixes should be your guide to help prepare you for the hype and spike in cyber activity that surrounds the holiday season. Don't let cyber criminals take advantage of your organization this holiday season. There’s no need to hamper the festive spirit with possible security dangers. Instead, take the time to prepare your plan of action by following our tips and best practices. Wishing you all a happy and prosperous holidays!