You Better Watch Out

The approaching holiday season is the most wonderful time of the year for cybercrooks and scammers.

For all the joy and goodwill surrounding the holidays, it has unfortunately also become the high season for cybercrime. Industry analysts and law enforcement officials say cybercrime increases by as much as 60 percent between November and January. That’s because people tend to be a little more distracted and less vigilant than usual.

While most holiday scams target individual consumers, many attacks can ultimately impact business systems. Employees who shop or conduct personal business on their work computers or on home computers connected to the corporate network can inadvertently expose business-critical systems and data to malicious actors.

According to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals often target businesses during the holidays when offices are short-staffed and response times to cyber events are likely to be dramatically reduced. That increases the likelihood that threats will remain undetected for extended periods, stealing sensitive information, conducting espionage or disrupting operations.

Season’s Cheatings

In a 2022 Cybereason survey of more than 1,200 cybersecurity professionals, 89 percent reported their organizations had experienced a cyberattack during the holidays when IT security staffing levels were reduced by as much as 70 percent.

“Ransomware actors tend to strike on holidays and weekends because they know companies’ human defenses often aren’t as robust at those times,” said Lior Div, Cybereason CEO. “It allows them to evade detection, do more damage and steal more data as security teams scramble to mobilize a response.”

While cybersecurity is a year-round process, businesses should take extra steps to protect their employees, devices, data and other corporate resources during the holidays. Here are eight steps businesses can take to reduce their exposure:

  1. Conduct awareness training. Training should emphasize three essential practices — don't open emails from senders you don't recognize, don’t click on email links if you aren’t sure they’re legitimate, and don’t open email attachments unless they’re expected and come from a trusted source.
  2. Restrict user permissions. Limiting employees' ability to install and run new applications minimizes the risk that they'll inadvertently download. Least privilege access policies ensure users can only access the systems and data needed for their jobs. This helps prevent malware from spreading through a network.
  3. Filter email. Ransomware, viruses and phishing attacks are commonly delivered by email. Email filtering solutions block malicious content before it reaches users. We also suggest using DNS filtering, which blocks access to malicious domains, IP addresses or cloud applications before a connection is established.
  4. Authenticate email. Domain-based Message Authentication, Reporting, and Conformance (DMARC) leverages the DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) protocols to authenticate emails. DKIM attaches a cryptographic signature to the header of an email to prove it’s from an authorized domain. SPF lets organizations publish which mail servers are authorized to send email for their domain so that receiving servers can verify the sender.
  5. Implement phishing-resistant MFA. Multifactor authentication solutions require a combination of verification factors rather than a password alone. This helps prevent unauthorized access to applications, systems and services. Phishing-resistant MFA based on FIDO/WebAuthn authentication standards offers stronger protection by replacing passwords with hardware-based keys that use cryptographic protocols.
  6. Enable real-time scanning. Enable your antivirus software’s real-time scanning feature to detect malware before it can infect a system. This will analyze files and programs as they are copied to a system to prevent the user from unknowingly becoming infected.
  7. Boost endpoint protection. The latest endpoint security tools deliver multiple security measures across all endpoints. Tools such as ransomware protection, memory inspection, encryption, vulnerability shielding, browser exploit prevention, web threat protection and more are delivered via a lightweight client that can be centrally managed and easily updated.
  8. Monitor and analyze network traffic. Robust monitoring tools allow IT teams to detect unusual patterns or suspicious activities promptly. Quick detection is essential for minimizing potential damage.
  9. Segment the network. Segmentation divides the network into smaller, isolated parts with unique security controls for each segment. This prevents malware introduced through an endpoint device from spreading throughout the network.
  10. Prepare an incident response plan. In the event of a cyberattack, a well-defined plan ensures a swift and organized response, minimizing the impact on your business operations. Be sure to address communication protocols and steps for data recovery.
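
For step 4, publishing SPF and DMARC records is not enough if they are left in a permissive state. The following is an added example, not part of the original article: a small Python audit that flags the common weak settings in a domain's SPF and DMARC TXT records. The function names, domains and records are constructed for illustration, and the records are embedded inline rather than fetched from DNS.

```python
# Added example: audit SPF and DMARC TXT records for permissive settings.
# All domains and records below are constructed sample data.
SAMPLES = {
    "good.example": {"spf": "v=spf1 include:_spf.mail.example -all",
                     "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@good.example"},
    "weak.example": {"spf": "v=spf1 ip4:192.0.2.0/24 +all",
                     "dmarc": "v=DMARC1; p=none"},
    "bare.example": {"spf": None, "dmarc": None},
}

def parse_dmarc(txt):
    """Return the DMARC tag/value pairs, or None if this is not a DMARC record."""
    tags = {}
    for part in (txt or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def audit_dmarc(txt):
    tags = parse_dmarc(txt)
    if tags is None:
        return ["DMARC: no valid record, receivers get no policy for failing mail"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'}, failing mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct}, policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, aggregate reports are not collected")
    return findings

def audit_spf(txt):
    terms = (txt or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: no valid record, any server can claim this domain"]
    if any(t.lower().startswith("redirect=") for t in terms):
        return []  # policy lives in another record; not followed in this example
    alls = [t.lower() for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    if not alls:
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    if alls[0] in ("all", "+all", "?all"):
        return [f"SPF: {alls[0]} does not reject unlisted senders"]
    return []  # ~all (softfail) and -all (fail) both mark unlisted senders

def audit_domain(records):
    return audit_spf(records["spf"]) + audit_dmarc(records["dmarc"])

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, audit_domain(records) or "OK")
```
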

As the holidays approach, organizations must be prepared for the unwanted gifts that cybercriminals will be sending their way. Proactive measures to thwart malicious activity can help make the season bright for businesses, their employees and their customers.

