The holiday shopping season is now at full throttle, and so is the risk of a cyber-attack. Threat actors often get to work during the holidays. IT staff is heading out for vacation, and everyone is in a hurry. This means we might skimp on security. Still, there are some holiday cybersecurity tips that will help make the season go smoothly. Today we would like to share some common sense, and very valuable tips by Jonathan Reed.[1]
During the holidays, online shopping and overall activity dramatically increase's. Deloitte forecasts that e-commerce sales will grow by 11-15% year-over-year. This will likely result in e-commerce holiday sales reaching between $210 billion and $218 billion this season alone. All this digital store shopping creates openings for many threat actors.
Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) sent out an alert concerning ransomware awareness for holidays and weekends. Obviously, you cannot overhaul your entire cyber defense strategy before the end of the year, but some useful holiday cybersecurity tips can make a difference. First, let us explore tactics you can implement right now. Then, let’s take a look at the big picture perspectives to improve your long-term cybersecurity.
Holiday Cybersecurity Tips for Right Now - Here are actions you can execute right away to beef up your cybersecurity during the high-risk holiday season:
Tip 1: Be Extra Cautious with Email. Distraction is the cyber criminal’s best friend. It is best you use work PCs only for work— no online shopping or personal email allowed. This applies to remote work as well. If employees toggle back and forth between work and gift buying, the risk of clicking on a malicious link drastically increases. If a great shopping deal suddenly appears on their browser, a user may click before thinking twice.
Credential phishing and ransomware attacks tend to rise during the holiday season. Everyone should be extra careful about any email promoting special holiday offers and deals. These attacks are highly refined, with the look and feel of an authentic email from big-name brands. If it looks too good to be true, it most likely is a lure. Bogus emails with a malicious link or attachment could quickly unleash ransomware into your network. Phishing attacks can also be sent via SMS, instant messaging and social networks. Immediately alert your company about these simple, yet dangerous risks. Remind them to carefully scrutinize any email that contains links or asks you to download anything.
Tip 2: On-Call IT Security Staff. With IT staffs often on vacation, fewer eyeballs are on screens to keep track of malicious issues. If you find your site down during the holiday break, do you have a backup plan in place? At a minimum, who gets called in the event of an after-hours emergency? While this may not prevent an attack, it pays to have IT security staff on call in the event an incident occurs.
Tip 3: Threat Hunting. The FBI and CISA encourage businesses and agencies to engage in preemptive threat hunting. This involves searching for signs of malicious movement to stop attacks or reduce damage after a successful breach. Threat actors can remain hidden in your network long before anyone detects them. Unseen for months, they can steal large amounts of data. After they take sensitive data, threat actors can then encrypt critical files to be later held for ransom. In the near term, review your data logs and scan for suspicious activity. If possible, check for repeated failed file modifications, increased CPU/disk activity, inability to access files and abnormal network communications.
The CISA also says to watch out for the following when threat hunting:
- Unusual inbound and outbound network traffic
- Unauthorized escalation of account permissions
- Substantial increase in database read volume
- People logging in or accessing systems from outside their usual location
- User activity or attempted login during odd times.
Holiday Cybersecurity Tips for the Long Term
When you return from the holidays, these actions will improve your overall security by a lot. Do not put it off until it is too late.
Tip 4: Set Up Offline Data Backup. Ransomware attacks encrypt critical data files so you cannot access them. Even if you pay the ransom, there is no guarantee the attackers will decrypt your files. It is important to have an offline data backup of your most important files. Resist the temptation to have your backup located somewhere else on your network. Many ransomware variants will seek and delete or encrypt accessible backups. Consider scheduling your backup update and testing to be completed before the holidays every year.
Tip 5: Update, Scan & Patch Software. When it comes to software and applications, it is important to install the latest updates. Threat actors are always on the lookout for newly discovered vulnerabilities to exploit. If you have outdated (end-of-life) software, you could be exposed to weaknesses with no update. It pays to develop an unpatched vulnerability plan, which begins with risk prioritization. Vulnerability assessment and scanning may reveal thousands of weak spots, but you cannot fix them all at once. Instead, you should focus on the ones near mission-critical systems and internet-facing servers. A centralized patch management system with risk-based assessment is critical to creating an effective and efficient patch strategy. Finally, complete scheduled vulnerability testing to make sure your patches are working and to scan for new weak spots.
Tip 6: Implement Identity & Access Management. The who, what, where and when of user access to networks is the essence of identity and access management (IAM). At a minimum, IAM keeps track of logins and permissions, but there is so much more to it. For example, how do you manage access for employees, customers and partners all at the same time? Plus, the level of access for each employee may vary depending on their jobs, which adds to the complexity. With the help of artificial intelligence, IAM enables you to monitor and manage your entire user access ecosystem. Through context-based analytics, IT security teams have more precise control and insight into who’s logging in where, and when. This enables the rapid detection of anomalies without having to deploy cumbersome or strict access policies for every single user.
Tip 7: Secure Your Networks. Another threat mitigation tactic the CISA suggests is to secure your network(s). One can start with multilayered network segmentation. With this method, the most critical messages occupy the most secure and reliable layer. A user can also protect network traffic flow by filtering out malicious IP addresses. Likewise, staff can prevent users from accessing malicious websites with URL block-lists and/or allow-lists. Finally, scan your network for open and listening ports and close any unneeded ports.
Threat Management Is Year-Round
Threat management is not just a holiday thing. An organization needs to protect critical assets and manage full threat life cycles. An intelligent, integrated unified approach can help you detect advanced threats, respond quickly with precision and recover faster from disruption.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and offers proactive solutions to protect your networks. Cyber intelligence is a needed key for your overall cyber security. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://securityintelligence.com/articles/holiday-cybersecurity-tips/
Comments