It’s that time of year again, full of trips, presents, shopping, and get-togethers. However, it is also a time of great opportunity for hackers.
During the holidays, people and businesses are likely to let their guard down, offering ample opportunity for cyber criminals to attack.
As important as it is for individuals to keep watch for scams, businesses should do so as well.
Businesses are not spared by cyber-criminals, so says the chief technology officer of the cyber security company Performanta, Gerhard Swart.
“People spend more in holiday seasons, and retail businesses are much more active. That makes them a prime target. At the same time, many companies cool down operations and people go on leave.
“That’s also an opportunity to strike - imagine being attacked while your security executive is relaxing on the beach. Cyber-criminals look for those opportunities,” Swart warns.
According to Swart, businesses can take preventive measures to reduce their cybercrime risks. He offers the following expert advice:
An incident response plan outlines the processes, priorities, and people involved in responding to a cybercrime occurrence.
The gap in recovery time-frames and costs between businesses with and without such strategies is tremendous, notably because criminals flourish when their victims are in a state of turmoil.
The risk for disorder is increased during both holiday scenarios, busy periods and when the majority of employees are on leave.
People manipulation is a major component of cybercrime, as thieves take advantage of holiday distractions, lengthy work schedules, and remote employment.
These attempts can take the form of phishing messages, cloned cards, or even financial pressure (such as coercing an employee who is in debt).
Scammers can stage a crisis to get an executive who may be on vacation to remotely enter into corporate systems, then take their login pins.
Another example is corporate email compromise, in which criminals use phoney correspondence to modify customer or supplier bank data.
Employees, whether working or on vacation, are more susceptible over the holidays, so prepare them accordingly.
Managed Service Providers (MSPs) concentrate in developing complex systems that can be scaled and offered to a large number of consumers.
This principle works really well for security. MSPs are a fantastic method to supplement internal security while relieving the burden on your security team.
The MSP connects with company systems and employs technology and abilities to monitor for threats and data loss on a proactive basis.
MSP customers therefore receive 24-7 security monitoring from a security partner, regardless of how busy they are or how many workers are on leave.
If your systems are behind on patching or experiencing configuration issues, the holiday season can exacerbate those worries.
Consider getting struck by a ransomware assault over the holiday season, which is routed through an unpatched vulnerability on your servers.
The consequent losses may cripple or destroy the company. Consider patching before things become too hectic.
Similarly, if your organisation slows down during the holidays, utilise that opportunity to catch up on patching and configuration, as well as execute discovery audits to determine the current health of your security.
– Check integration security
During the holidays, there will be a lot of money transactions, the majority of which will go through payment providers that interact with your business systems.
These interfaces might be a tempting target for fraudsters, and it's risky to believe your service provider will handle everything.
Examine your integration and API security, and consider having backup plans in place in case a supplier is compromised.
Keep an eye on your supply chain partners as well as sloppy security may rapidly become your Christmas issue.