Are Companies Unprepared For Ransomware Attacks On Weekends And Holidays

BACKGROUND:

In response to reports that a new study produced by Cybereason found that organizations are significantly more vulnerable to ransomware attacks during weekends and holidays, Information Security Expert offers the following comment.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
November 18, 2021 1:27 pm

<p>Ransomware and other cyber attacks over the holidays are major concern for many organisations, but as criminals apparently evolve and update their tactics on a frequent basis, it can become overwhelming as to how organisations can or should protect themselves.</p>
<p>Organisations should review external sources of threat intelligence as well as internal incident logs to determine accurately what tactics criminals use and where they have gaps in their posture. In many cases, criminals are successful in attacking organisations either through social engineering attacks, by exploiting weak credentials, or unpatched vulnerable systems. </p>
<p>By focussing on these key areas, particularly raising security awareness among staff, partners, and customers, can help reduce the risk greatly and help organisations take time off during the holidays and sleep better at night.</p>

Last edited 10 months ago by Javvad Malik
Chris Clements
Chris Clements , VP
InfoSec Expert
November 18, 2021 1:19 pm

<p>Ransomware gangs often time the “impossible not to notice” final part of their extortion campaigns for holidays and weekends to minimize the possibility of detection. Cybercriminals understand that most organizations operate with skeleton crews of mostly junior staff or even purely on call during these periods that can give them several hours to inflict maximal damage even if detected by an antivirus or monitoring system. The crucial thing to realize is that no one tool is a silver bullet for preventing or responding to a cyberattack. Rather, it requires a cultural approach to security for an organization to defend against modern threat actors. It requires a holistic approach including skills and awareness training, a review of all areas of the organization that could lead to security vulnerability and layered defenses that assumes one or more primary security controls has failed or been bypassed by the attacker in forming a protective strategy.</p>

Last edited 10 months ago by Chris Clements
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x