5 Holiday Cybersecurity Tips to Try Before the End of the Year – Security Intelligence

5 Holiday Cybersecurity Tips That Make a Real Impact
Tired of cybersecurity tips that don’t really make an impact? This post is for you.
The year is winding down. Everyone, including security teams, is busy and preoccupied. Threat actors know this and time their attacks accordingly.
Over the holiday season, the global number of attempted ransomware attacks has increased by 30% year over year (YOY). Attempted ransomware attacks in November and December also run about 70% higher on average than in January and February.
One report from the retail and hospitality sector indicates that imposter websites, product-focused phishing attempts and phishing attempts impersonating executives all tick up during the holidays. The report also observed a greater prevalence of social engineering attacks, heavily targeted at credential harvesting or bypassing multifactor authentication (MFA).
With security teams already stretched thin, what happens when people head out for the holiday break? A skeleton crew leaves your data, systems and networks even more exposed. If an incident occurs, do you have a holiday response plan in place?
Let’s look at some truly useful tips on how to prepare for cyberattacks during the holidays.
Before you head out for the holidays, know who can be called in if a cyber incident happens. You should clearly establish, in writing, who’s on call and when.
On-call team members should be available 24/7. Well-organized incident response teams should already understand their roles and responsibilities. Still, given how hectic the end of the year can be, it’s worth confirming who will be responsible during the holidays.
Some companies transfer security tasks to a managed detection and response (MDR) provider. The provider then owns coverage over holidays and weekends, typically across the full threat management lifecycle and on top of the endpoint and network security tools you already run. Before the break, check the contract for holiday response times and confirm who has authority to contain an incident (isolate a host, disable an account) without first reaching someone on your side.
The reality is that, with the increasing complexity of malicious and automated cyber threats, many organizations lack the security skills to handle sophisticated attacks. Even organizations that do have the required expertise often struggle to manage so many security tools and alerts that they cannot adequately reduce mean time to resolution (MTTR).
Alert overload and time-consuming investigations lead to analyst fatigue. Meanwhile, alerts need 24/7 coverage, because threat actors tend to attack during non-business hours and holidays.
For this reason, managed detection and response is an attractive solution for security teams that lack the expertise — or team size — to maintain strong security during shoestring staffing periods. MDR can consist of services such as alert management, threat containment, incident response and proactive threat hunting.
Since everyone is in a hurry to get work done, we may let our guard down when it comes to reading emails carefully. Remember, most malware infections still start with a person opening an infected attachment or clicking a malicious link. Even the most careful of us can slip.
Social engineering attacks continue to pay off for cyber criminals. So be wary of any and all communication, even if it appears to come from a trusted source. All employees should treat unsolicited messages with the highest level of suspicion.
If a request sounds fishy, stop and examine the entire context carefully: Who is the message coming from? Is the email address or domain name valid? Look again, and look at the actual sending address rather than the display name, since the name is free text that the sender controls. Slight misspellings, look-alike characters and typosquatted domains can escape detection if you are in a hurry to get out the door.
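The "look again" step above can be turned into a check that runs on the From: header before a human ever reads the message. The following is an added example, not code from the original post: it parses the header, decodes punycode so Unicode look-alikes become visible, reduces the domain to a "skeleton" (accents stripped, Cyrillic and digit confusables mapped to their Latin look-alikes) and compares that skeleton against the organisation's trusted domains by containment and edit distance. It also flags a known executive's name in the display name when the address is not from a trusted domain. `TRUSTED_DOMAINS`, `EXECUTIVE_NAMES` and the sample headers are constructed for this example.

```python
"""Sender-domain sanity check for a From: header (added example, constructed data)."""
import unicodedata

# Constructed for this example: domains the organisation really sends from, and the
# executives whose names attackers like to put in a display name.
TRUSTED_DOMAINS = {"example.com", "example-payroll.com"}
EXECUTIVE_NAMES = {"jane smith", "raj patel"}

# NFKD plus stripping combining marks handles accented Latin (exämple -> example);
# this table covers Cyrillic/Greek letters that NFKD leaves untouched.
CONFUSABLES = str.maketrans({
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y", "і": "i",
    "ο": "o", "α": "a",
})
# ASCII pairs that read alike in many fonts. Applied to trusted and suspect domains
# alike, so the comparison stays consistent even where it over-normalises.
ASCII_LOOKALIKES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def parse_sender(header):
    """Split a From: value into (display_name, local_part, domain)."""
    header = header.strip()
    name = ""
    if header.endswith(">") and "<" in header:
        name, _, rest = header.rpartition("<")
        addr = rest[:-1]
        name = name.strip().strip('"').strip()
    else:
        addr = header
    local, sep, domain = addr.rpartition("@")
    if not sep or not domain:
        raise ValueError(f"not an email address: {header!r}")
    return name, local, domain.lower().rstrip(".")


def decode_domain(domain):
    """Turn punycode labels (xn--...) back into Unicode so look-alikes are visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid IDNA: compare as-is


def skeleton(domain):
    """Collapse a domain to the form a human eye would read it as."""
    s = unicodedata.normalize("NFKD", decode_domain(domain).lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    s = s.translate(CONFUSABLES)
    for lookalike, plain in ASCII_LOOKALIKES:
        s = s.replace(lookalike, plain)
    return s


def levenshtein(a, b):
    """Edit distance; catches one or two dropped, swapped or added characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(header):
    """Classify a From: value as trusted / lookalike / impersonation / unknown."""
    name, _local, domain = parse_sender(header)
    if domain in TRUSTED_DOMAINS or any(domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted", domain
    dom_skel = skeleton(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        t_skel = skeleton(trusted)
        if t_skel in dom_skel:  # example.com.evil.net, example.com-secure.net
            return "lookalike", trusted
        # Threshold is a tuning knob: short trusted domains get a tighter one.
        if levenshtein(dom_skel, t_skel) <= (2 if len(t_skel) >= 10 else 1):
            return "lookalike", trusted
    if any(exec_name in name.lower() for exec_name in EXECUTIVE_NAMES):
        return "impersonation", name
    return "unknown", domain


# Constructed sample headers, one per case the check is meant to catch.
SAMPLE_HEADERS = [
    "Accounts Payable <ap@example.com>",
    "IT Helpdesk <help@examp1e.com>",
    '"Jane Smith (CEO)" <jane.smith.ceo@gmail.com>',
    "HR <benefits@example.com.holiday-bonus.net>",
    "billing@" + "exаmple.com".encode("idna").decode("ascii"),  # Cyrillic 'а' as punycode
    "vendor@partner-supplies.net",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        verdict, detail = check_sender(header)
        print(f"{verdict:13} {detail:22} {header}")
```

The skeleton comparison is deliberately lossy: it exists to make "examp1e" and "exаmple" collide with "example", not to decide whether a domain is malicious. An "unknown" verdict only means the domain carries none of these signals, and a "lookalike" verdict should quarantine or tag the message for a human, not silently drop it.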
You can also run in-house phishing drills: send fake phishing emails on purpose to test and educate your teams. When someone reports a suspicious email, praise them. When someone takes the bait, show them where the tell was.
During the holidays and weekends, some security experts recommend locking down privileged accounts. Once inside a network, intruders commonly escalate to administrator-level privileges and use them to deploy malware, including ransomware, across the estate. High-level access is rarely required over a holiday break or weekend.
As an option, security teams can create highly secured, emergency-only accounts in Active Directory. These accounts would only be used when the normal operational accounts are temporarily disabled, or when operational accounts are inaccessible during a ransomware attack. Keep their credentials offline, make sure at least one such account is enabled and in a privileged group before you disable anything else, and alert on any logon by them, since a sign-in from an emergency account over the break is either a real emergency or an attacker.
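Before disabling admin accounts for the break, the plan itself deserves a check: it must leave at least one enabled break-glass account in a privileged group, it must skip built-ins that have their own procedures, and it must record exactly what it changed so the restore step after the holiday re-enables only those accounts. The following is an added example, not code from the original post or from any directory product; `PRIVILEGED_GROUPS`, `NEVER_TOUCH` and the account export are constructed, and applying the plan to a real directory (for instance with Disable-ADAccount / Enable-ADAccount) is left as a separate, reviewable step.

```python
"""Holiday privileged-account freeze plan and restore check (added example, constructed data)."""
import json
from dataclasses import dataclass, field

# Assumed group names for this example; adjust to the tiering model you actually use.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}
# Built-in accounts are governed by their own procedures, never by a bulk freeze.
NEVER_TOUCH = {"Administrator", "krbtgt"}


@dataclass(frozen=True)
class Account:
    sam: str
    enabled: bool
    groups: frozenset = field(default_factory=frozenset)
    break_glass: bool = False  # emergency-only account, credentials held offline


class FreezeError(RuntimeError):
    """Raised when the plan would leave nobody able to administer the domain."""


def is_privileged(acct):
    return bool(acct.groups & PRIVILEGED_GROUPS)


def plan_freeze(accounts):
    """Return (accounts to disable, rollback manifest).

    Refuses to produce a plan unless at least one enabled break-glass account
    remains in a privileged group: disabling every admin is a self-inflicted outage.
    """
    privileged = [a for a in accounts if is_privileged(a)]
    remaining = [a for a in privileged if a.break_glass and a.enabled]
    if not remaining:
        raise FreezeError("no enabled break-glass account in a privileged group")
    to_disable = [a for a in privileged
                  if a.enabled and not a.break_glass and a.sam not in NEVER_TOUCH]
    manifest = {
        "disabled": sorted(a.sam for a in to_disable),
        "break_glass": sorted(a.sam for a in remaining),
    }
    return to_disable, manifest


def plan_restore(manifest, current):
    """Return (accounts to re-enable, accounts found already enabled).

    `current` maps sAMAccountName -> enabled flag as read from the directory after
    the holiday. Anything the freeze disabled that is enabled again was touched
    while the team was away; investigate that before re-enabling anyone.
    """
    to_enable, unexpected = [], []
    for sam in manifest["disabled"]:
        (unexpected if current.get(sam, False) else to_enable).append(sam)
    return to_enable, unexpected


# Constructed sample directory export.
SAMPLE_ACCOUNTS = [
    Account("Administrator", True, frozenset({"Domain Admins"})),
    Account("krbtgt", False, frozenset()),
    Account("alice.adm", True, frozenset({"Domain Admins"})),
    Account("bob.adm", True, frozenset({"Enterprise Admins"})),
    Account("carol.adm", False, frozenset({"Domain Admins"})),    # already disabled
    Account("svc-backup", True, frozenset({"Backup Operators"})),  # not in scope here
    Account("breakglass-01", True, frozenset({"Domain Admins"}), break_glass=True),
]

if __name__ == "__main__":
    disable, manifest = plan_freeze(SAMPLE_ACCOUNTS)
    print("disable:", [a.sam for a in disable])
    print(json.dumps(manifest, indent=2))
    # After the break: bob.adm is found enabled although the freeze disabled it.
    after = {"alice.adm": False, "bob.adm": True}
    print("re-enable / investigate:", plan_restore(manifest, after))
```

Write the manifest somewhere the break-glass holder can reach without the directory, since the restore step needs it even if the on-call engineer's own admin account is one of the frozen ones.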
An even better strategy is to adopt privileged access management (PAM): a deliberate approach to deciding who holds privileged access to the network, its infrastructure and its applications, and to managing that access. In practice this means vaulting privileged credentials, granting elevated access just in time for a specific task and recording privileged sessions, with a single point of sign-on for users and a single point of management for admins.
Especially in hybrid cloud environments, a fully managed PAM program can provide guidance from strategy through steady-state operation, and can add automation, analytics and optimization to keep privileged users secure.
Isolation stops attackers from moving further through the network and from spreading malware to other systems or devices. Security teams should be ready to disconnect a host, lock down a compromised account and block malicious domains. Scheduled and unscheduled drills help make sure both the people and the procedures will perform in a real breach.
As networks grow more complex, isolation can be hard to execute in a real-world incident. For this reason, extended detection and response (XDR) has gained significant traction.
XDR brings the telemetry and tooling needed to detect and respond to threats into one place for easier analysis. This lets security teams act quickly without getting lost in multiple use cases, workflows and search languages, and without writing endless playbooks to cover every possible scenario.
XDR unifies insights from endpoint detection and response (EDR), network data, security analytics logs and events, and other solutions such as cloud workload and data protection tools, giving a complete picture of potential threats. Automation of root cause analysis and recommended responses is what makes a fast response possible across a complex IT and security infrastructure.
If you were paying attention, you know many of these tips aren't something you can deploy overnight. Establishing strong security is an ongoing campaign that will continue beyond the new year. As your strategy and tactics improve, your IT assets and resources will be safer during the holidays and beyond.
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML…