Stay On The Lookout for Cyberattacks This Holiday Season
Cyberattacks are a threat year-round, but some threat actors take advantage of the holiday season. The end of the year is full of distractions, giving potential attackers a lot of opportunities which may result in very costly attacks. Make sure you know what to look for this holiday season:
Opportunities for cyber threat actors
For businesses, a major reason why cyber threats are especially worrisome during the holiday season boils down to the human factor — namely, a shortage of human capital and a myriad of distractions as the end of the year approaches.
Many opportunities for cyber attacks arise during the holiday season, resulting in increased attempts in a variety of ways. During this time, there are often fewer staff around to detect or respond to threats, and some businesses pause operations for additional or extended periods of time.
Employees may also be trying to wrap up loose ends within the business while dealing with end-of-year fatigue, increased marketing emails at the end of the year and other distractions during the holidays, leaving less attention to detail elsewhere.
Any combination of these shifts in attention creates gaps in security that malicious characters can fit into.
Phishing emails and fraudulent websites
With an influx of marketing emails, shipping updates and tracking numbers, it’s easy to lose track of what information we should be paying attention to. This provides an easy opportunity for scammers to impersonate retailers and shipping companies in order to get the information they are seeking.
FedEx, UPS and DHL as well as some retailers are often impersonated via email.
Some scripts may mention an update on your shipment, or a problem with your package or delivery. These emails would direct the recipient to click on a malicious link where they are required to enter login credentials or credit card information. If given the login credentials, attackers could use them to access more sensitive information, such as personal or corporate bank accounts or credit card information.
More importantly, phishing emails may also be used to plant malware or ransomware in an organization's computer system, even if the scam was sent through a personal email account. If scams are sent to personal accounts, but accessed on work devices, the corporate system remains at risk.
All of the above is why we must remain vigilant throughout the holidays and pay close attention to our personal and corporate emails this holiday season.
Relaxed security hygiene
In addition to holiday phishing scams, there are other opportunities attackers may test this holiday season.
Multi-factor authentication (MFA) has become so common, now being suggested or required by every corporate or personal account, that many users respond to authentication requests without taking the time to confirm that a request is genuine.
If hackers have stolen login credentials, they may engineer what is known as an MFA scam. Here, an attacker would attempt to log in to a corporate network (maybe even more than once), leading to an individual receiving one or more notifications on their mobile device to allow access. The attacker would count on the individual allowing access before realizing their mistake, which could cause serious damage to an organization, even if IT caught and responded to the infiltration quickly.
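For the team watching the logs, the pattern described above (several push requests the user rejects or ignores, then one they approve) can be flagged automatically. The following is an added example, not part of the original article: the event format, the 10-minute window and the threshold of three rejected pushes are assumptions to adapt to your own MFA provider's logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, MFA push result.
SAMPLE_EVENTS = [
    ("2023-12-24T02:10:05", "alice", "denied"),
    ("2023-12-24T02:10:40", "alice", "timeout"),
    ("2023-12-24T02:11:15", "alice", "denied"),
    ("2023-12-24T02:12:02", "alice", "approved"),   # approval after a burst
    ("2023-12-24T09:00:00", "bob", "approved"),     # normal login
    ("2023-12-24T09:30:00", "carol", "denied"),
    ("2023-12-24T13:45:00", "carol", "approved"),   # hours later, unrelated
]


def find_push_fatigue(events, window=timedelta(minutes=10), min_rejected=3):
    """Return (user, approval_time, rejected_count) for every approval that was
    preceded by at least min_rejected denied or timed-out pushes in the window.
    The window and threshold are assumed defaults, not vendor guidance."""
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((datetime.fromisoformat(ts), result))

    alerts = []
    for user, rows in by_user.items():
        rows.sort()            # process each user's pushes in time order
        recent_rejected = []   # rejected pushes still inside the window
        for when, result in rows:
            recent_rejected = [t for t in recent_rejected if when - t <= window]
            if result in ("denied", "timeout"):
                recent_rejected.append(when)
            elif result == "approved":
                if len(recent_rejected) >= min_rejected:
                    alerts.append((user, when.isoformat(), len(recent_rejected)))
                recent_rejected = []   # an approval ends the current streak
    return sorted(alerts)


if __name__ == "__main__":
    for user, when, count in find_push_fatigue(SAMPLE_EVENTS):
        print(f"Review login for {user} at {when}: approved after {count} rejected pushes")
```

An alert from this check is a reason to contact the user and review the session, since the approval may have been a mistake made under a flood of prompts.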
Individual fatigue may not be the only opportunity for a threat to gain access to a corporate network. Towards the end of the year, employees may overlook system updates and software patches. These can be missed due to reduced staff, certain employees taking paid time off, prioritizing other work before the holidays or just the mentality of keeping that task for the new year.
Preparing for and responding to attacks
What can be done to minimize potential cyber threats? The easiest, and maybe the most important step in mitigating risk during the holidays is to conduct phishing simulation testing and training. This will help employees learn to identify what to look for and how to respond to potentially malicious emails.
Employees should be trained to look for malicious attachments, links, and senders, and tested often, not just during the holiday season, to minimize potential risk.
If an employee does fall victim to a phishing attack, it should be reported to IT support immediately to initiate a response plan. An organization’s response plan should be up to date, and reviewed frequently as attackers are constantly changing their tactics.
Not only should your employees be tested and trained for phishing attacks regularly, but your security strategy could include a Managed Threat Response that scans your network even when your employees aren’t looking. Managed Threat Response is a process that scans your system for anomalies on your network from a dedicated, offsite operations center, keeping an eye on your system 24/7 so you can sit back and enjoy your holiday season.
Contact Matthijssen today for a consultation on how you can mitigate cyber threats this holiday season, or improve your security strategy for the new year.