
How to Defend Against High Cyberthreat Activity During the Holidays

By Ilia Sotnikov | December 12, 2024 | Updated: December 18, 2024 | 5 Mins Read

Imagine if Santa’s workshop were brought down by a ransomware attack in December — children around the world would be disappointed. A multitude of holidays between Thanksgiving and New Year’s creates an optimal opportunity for cybercriminals, with government reports confirming an onslaught of cyberattacks during this period.

This article explores how organizations can prepare for the annual surge in threats when the fiscal year is ending, workloads and stress are high, and fewer security professionals are available.

The Consequences of Failing to Prepare

In 2023, website attacks quadrupled from 15 million in early November to 60 million on Black Friday. More than half of all retailers report being at increased risk during the 2024 holiday shopping season. A recent example of the consequences of seasonal attacks is Stop & Shop and Hannaford, grocery stores that serve the northeast U.S.: they were struck by a ransomware attack that left shelves empty days before Thanksgiving.

Why Threats Increase During the Holidays

A primary reason for the spike in attacks late in the calendar year is the increased business activity. According to the National Retail Foundation, holiday sales in November and December account for about 19% of total retail sales, with some sectors reaching as high as 34%. While retail and e-commerce platforms are obvious targets, logistics companies, financial service firms, and even non-retail sectors like healthcare also face heightened risks from cyberattacks. Reduced IT staffing during the holidays, coupled with high traffic volumes and employee stress, creates an ideal opportunity for cybercriminals.  

The Most Common Holiday Threats

The following types of attacks tend to increase during the holiday season:

  • Ransomware – Attackers encrypt a victim’s files and systems, rendering them inaccessible, and demand a ransom payment for the decryption key. Cybercriminals increase these attacks during the holidays because they know businesses have more to lose during this period, so they are more likely to pay the ransom.
  • Phishing – Attackers use deceptive messages to trick recipients into revealing sensitive information or clicking malicious links. During the holidays, the increased volume of online shopping activity and promotional emails make individuals more likely to fall for these malicious messages.
  • Social engineering – Attackers exploit human psychology to manipulate victims. Since people are more emotionally vulnerable and susceptible to manipulation during the holiday period, social engineering attacks increase.

Preparing for the Holiday Crunch

Organizations must prepare for the heightened risks during the holidays. This includes ensuring the security fundamentals are in place, raising user awareness about risks, and minimizing the impact of reduced staffing.

Cover the Basics

There is no such thing as a completely secure state. Cybersecurity is a continuous process that requires constant attention and adjustment to changing technologies and the evolving threat landscape. However, it’s a good practice to check that the following fundamental processes are in place and working properly as the holiday period begins:

  • Patching — Security specialists should double-check that security patches are being applied according to the organization’s policy and system priorities.
  • User authentication — It’s also important to check for passwords that are known to have been compromised in other breaches; if any are found, require users to change them. To further reduce risk, implement multifactor authentication (MFA) for access to critical systems and applications.
  • Enforcement of least privilege — Organizations should ensure that each user has only the access rights they need to perform their job functions. By adopting a modern privileged access management (PAM) solution, organizations can minimize elevated privileges or remove the riskiest accounts completely.
  • Automated monitoring — Ensure the security team can promptly spot abnormal activity throughout the environment and that alerts provide all the necessary context for effective triage and quick response.
  • Incident response plan (IRP) — Year-end is a great time to rehearse the organization’s IRP. This exercise enables organizations to identify and remediate issues and also ensures that everyone is aware of their role in the process. Some organizations prefer to augment their security staff and have third-party incident response services available on-call, especially during the holidays.
  • Backups — Incidents do happen, so organizations should store their backups out of the reach of malware and thoroughly test and practice their recovery processes.

Educate Users

Users are the first line of defense in any cybersecurity strategy. Each phishing or social engineering attempt that they thwart reduces the organizational risk. During the busy holiday season, organizations should train users to recognize threats and tailor guidance to the specific risks faced by each department. Additionally, business leaders should promote holiday awareness campaigns.

Plan to Execute with Reduced Staffing

IT and security specialists also need to rest and enjoy the holiday time with their loved ones, so organizations need to evaluate their staffing plans to ensure adequate coverage during this season. They should pay attention to unique expertise or skill sets that need to be covered, and have a backup plan for urgent situations.

In addition, it’s important to establish clear communication channels that enable rapid coordination if normal communication chains are interrupted. During a security incident, every second counts, so it’s crucial to make sure you have a plan to minimize decision-making delays and have external investigators primed to assist promptly if needed.

Ilia Sotnikov

Ilia Sotnikov is Security Strategist & Vice President of User Experience at Netwrix. He has over 20 years of experience in cybersecurity as well as IT management experience during his time at Netwrix, Quest Software, and Dell. In addition, Ilia is a regular contributor at Forbes Tech Council where he shares his knowledge and insights regarding cyber threats and security best practices with the broader IT and business community.


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
