Time away from the office — or the desk at home — is always prime time for cyberattacks.
This year had no shortage of threats: 2021 featured software supply chain hacks, ransomware attacks on critical infrastructure and exploitable vulnerabilities in devices everywhere. If a company's security operations center (SOC) is down a few experts over the break, it creates an opportunity for malicious actors to uncover and capitalize on any gaps in security. It will test processes and technology.
Cybersecurity Dive asked security professionals what they are watching over the holiday break, and what preparations they've made to boost security:
(The comments below have been lightly edited for length and clarity.)
Mike Wilson, founder and CTO of Enzoic:
Holiday PTO for IT staff can weaken your cybersecurity posture and the bad guys know this. Try to stagger time off with your cybersecurity personnel to ensure someone is still minding the store and don’t neglect to have people on call for after-hours incidents.
If your business does holiday sales via e-commerce, make sure you have mitigation and monitoring in place to detect and prevent fraud and security exposures.
Make sure all of your administration accounts that have any access whatsoever to customer PII and payment information are heavily secured, with strong passwords (a system to ensure passwords have not been exposed in any breaches is recommended by NIST) and multifactor authentication.
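The breached-password screening Wilson refers to is the check NIST SP 800-63B asks for: compare a candidate password against a corpus of passwords known from previous breaches and reject it if it appears. The example below is added here to show how such a check is typically wired up; it is not code from the article or from Enzoic. It follows the k-anonymity range protocol used by the Pwned Passwords service (the client sends only the first five hex characters of the password's SHA-1 and matches the remaining 35 characters locally, so the full hash never leaves the client), and the response format of one `SUFFIX:COUNT` line per entry is that API's. The range data, the counts and the `offline_lookup` helper are constructed for the example so it runs without network access; the one real value is the SHA-1 suffix of the string "password".

```python
"""Breached-password check using the k-anonymity range protocol.

Added example, not code from the article or any vendor quoted in it.
The client hashes the candidate password with SHA-1, sends only the
5-character hex prefix to the range service, receives every known
suffix for that prefix, and does the final match locally.
"""
import hashlib
from typing import Callable, Dict

PREFIX_LEN = 5

# Constructed range responses keyed by prefix, standing in for the remote
# service so the example runs offline. The first suffix is the real SHA-1
# suffix of the string "password" (full digest 5BAA61E4...7EE68FD8); the
# other suffixes and every count are made up for this example.
CONSTRUCTED_RANGES: Dict[str, str] = {
    "5BAA6": "\r\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",
        "011053FD0102E94D6AE2F8B83D76FAF94F6:1",
    ]),
}


def sha1_hex_upper(password: str) -> str:
    """SHA-1 of the UTF-8 password as upper-case hex, the form the API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict, ignoring blank or malformed lines.

    Padded responses (see hibp_lookup) contain dummy entries with count 0;
    they parse fine and never count as a hit.
    """
    result: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        suffix, _, count = line.partition(":")
        try:
            result[suffix.upper()] = int(count)
        except ValueError:
            continue  # malformed count, skip the line
    return result


def offline_lookup(prefix: str) -> str:
    """Range lookup against the constructed data; empty body for unknown prefixes."""
    return CONSTRUCTED_RANGES.get(prefix.upper(), "")


def hibp_lookup(prefix: str) -> str:
    """Live lookup against the Pwned Passwords range API (not used by the tests).

    Add-Padding asks the service to pad the response so its size does not
    reveal how many real suffixes the range holds.
    """
    import urllib.request
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "breach-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, lookup: Callable[[str], str] = offline_lookup) -> int:
    """Return how often the password appears in the breach corpus (0 = not seen).

    Only the prefix is handed to `lookup`; the suffix is matched here.
    """
    digest = sha1_hex_upper(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return parse_range_response(lookup(prefix)).get(suffix, 0)


def acceptable(password: str, lookup: Callable[[str], str] = offline_lookup,
               min_len: int = 8) -> bool:
    """Minimal SP 800-63B-style gate: a length floor plus not-in-breach-corpus."""
    return len(password) >= min_len and pwned_count(password, lookup) == 0


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple 2021"):
        print(candidate, "->", pwned_count(candidate), "acceptable:", acceptable(candidate))
```

To run the same check against the live service, pass `hibp_lookup` as the `lookup` argument; the rest of the code is unchanged, which is the point of keeping the prefix-split and suffix-match logic on the client side.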
Ray Overby, co-founder and CTO of Key Resources Inc.:
Legacy mainframes are actually at the center of so much of our modern, cloud-connected IT infrastructure. Take the fact that 87% of the world’s credit card transactions and most ATM or mobile banking transactions are processed through a mainframe. Large airlines and retailers hold critical user data in these systems, too.
It only takes one weak link to open a window into an organization's network, and once that happens, it’s only a matter of time before hackers can get access to all kinds of things, including the mainframe.
Vulnerabilities can be exploited in an attack on a corporation of any size, and we can expect these attacks to ramp up around the holidays. But we might not even hear about them, since they're rarely publicized, unlike high-profile ransomware attacks that make headlines.
Security leaders should be mindful of the urgency of the situation for their organizations and be sure to have up-to-date security measures in place — like robust vulnerability scanning and compliance checks — as we enter the holiday break, especially as many cybersecurity staff are at home enjoying their time off.
Ron Eddings, cybersecurity advocate and creative director of education at Axonius:
When the SOC is short on staff due to holidays, vacations or staffing issues, the SOC should be on high alert for identifying documentation flaws in the processes and procedures that SOC team members perform.
The best case scenario is that the technology solutions the SOC uses are performing as expected. We know that this is not always the case, which is why having detailed documentation is critical for operating a SOC effectively.
As alerts and incidents occur, members of the SOC should strive to document their workflow and tradecraft so that other team members can mitigate and remediate future cybersecurity incidents. With detailed documentation, SOC teams can also implement automation for the repetitive tasks that can be offloaded to a machine.
Matt Morris, security managing director at 1898 & Co.:
As staff members set their out-of-office messages and skeleton crews take over, security breach loopholes may become more glaring.
Some bad actors may take advantage of the season's security loopholes and orchestrate sophisticated ransomware and malware attacks on unsuspecting — or unprepared — businesses. These players live to weaponize operational technology at an accelerating pace.
The shift of focus from IT to OT targets signifies a shift from primarily data protection to something far more consequential, such as the disruption of an entity like a power generation plant or the overarching critical function of such organizations.