Like it or not, Fall is right around the corner, and the holiday season will soon follow. The Labor Day weekend that kicks off Sept. 1 may be a perfect time for companies to shut down and revel in one last dose of summer fun. But it’s also a perfect time for threat actors to take advantage of companies that have let their guard down for three or four days.
Two summers ago, for example, the REvil ransomware gang hit more than 1,000 companies on July 2 — at the start of a four-day weekend — with a vulnerability in Kaseya’s remote monitoring software. Timing the attack for the beginning of the Independence Day holiday was an effective way to mute a forceful response.
A holiday weekend might shrink the attack surface for a company since employees are out of the office and not checking emails or using systems, but it also means there are fewer members of the IT staff on hand to detect and respond to an attack. Particularly with small and midsize companies, where small IT staffs are already overstretched, holidays present an opportunity for attackers to launch ransomware or other attacks before companies know what hit them.
Whether it’s Labor Day, the upcoming winter holiday season, or any other long weekend on the calendar, companies need to ensure their ability to detect and respond to attacks at any time, regardless of the IT and security staff on hand. Even though many may enjoy this time off, the threat actors may be hard at work.
Proactive steps to reduce the attack surface
Every organization needs to have a thorough and effective incident response plan in place, clearly outlining how it will prepare for, identify, contain, eradicate and recover from an attack. A response plan, of course, is a year-round blueprint. In case of extended holidays when security staffing is light, you can take extra steps to limit the attackers’ ability to get into the network.
The proactive steps an organization can take include:
- Limit network access. Consider temporarily shutting off system access to non-essential personnel. There are pros and cons since, depending on the business, some employees may need access at unusual hours. But it is a step to consider. Enabling login restrictions is one way to force employees to relax and unwind while lightening the load for your IT and security staff.
- Let SOAR do its job. Tune Security Orchestration, Automation and Response (SOAR) tools to automate more tasks than usual while the company is closed for business. Since most employees will be logged off during a holiday weekend, organizations can ratchet up a SOAR system’s actions with less concern that employees might trigger a false alarm and lock themselves out.
- Hold off on upgrades. A core aspect of security is availability, so it’s best to hold off on any major, potential system-breaking updates and upgrades until after the holiday unless you know that there will be enough IT staff members or provider personnel on hand to manage an emergency or intervene if anything goes wrong.
- Spread the word about holiday phishing. In advance of the holiday, it’s a good idea to warn employees to be on the lookout for holiday-related phishing attempts, perhaps by offering training with examples of what those phishing attempts may look like. Threat actors are known for using fake holiday sales and offers to lure people into clicking on malicious links. Attackers also exploit holidays — especially the winter holidays — to conduct a range of other scams. The FBI offers tips on recognizing and avoiding such scams, which can lead to credential theft and, potentially, to the compromise of business assets.
Managed services are a year-round option
In an ideal world, businesses and other organizations would always have a fully staffed security operations center (SOC) on the job to respond to attacks. But most businesses, particularly small and midsize businesses, don’t live in an ideal world. For them, precautionary steps can help protect systems during long holiday weekends, but they also may want to consider bolstering security with a third-party service, such as managed detection and response (MDR).
Cyber threats operate globally and persistently any time of day or night, all year round. MDR services can provide continuous monitoring, analysis, detection and remediation, as well as full visibility into an organization’s network and infrastructure. MDR also can be paired with a virtual SOC to enhance quick response and recovery.
For mid-market organizations with limited IT and security resources, outsourcing 24/7 coverage with MDR can help secure systems against sophisticated attacks throughout the year, holidays included, and greatly extend their in-house cyber capabilities. That’s one of the big reasons why MDR is such a fast-growing market.
Before leaving, make a final check
Before leaving for a long weekend or holiday, IT and security staff should work through a checklist, much like checking the tires and wiper fluid before embarking on a road trip. A checklist should at least cover the basics, such as:
- Are (automated) backups in place?
- Is our incident response plan up to date?
- Who is on-call if a security incident does happen?
Make sure proper call chains and procedures are set up, including disaster recovery plans, backups and incident response plans.
Holidays are a time to relax, not worry. Taking precautionary steps to protect systems when employees — including IT and security staff — are away from the job can help ensure that everyone is able to get the well-earned rest they deserve.