Cybersecurity solutions provider Check Point warns of the heightened risk of cyberattacks during the holidays, explains the reasons behind it, and outlines what companies can do to protect themselves.
While the festive season is a time of joy and celebration, it also brings with it a heightened risk of cyberattacks. As most employees wrap up for the year and sign off from work, cybercriminals are preparing to distribute their own ‘gifts’ of disruption.
This pattern of behaviour has been observed before, with the most notable incident being the SolarWinds breach that took place between Christmas and New Year in 2020. This breach, which targeted the company’s Orion software, compromised thousands of clients globally, including key government agencies and top-tier corporations. The orchestrated campaign was not only a wake-up call for IT professionals, but a vivid reminder of the cybersecurity vulnerabilities that emerge when the usual vigilance wanes during the holiday season.
This time of year provides the perfect scenario for cybercriminals. Reduced staffing, delayed response times, and the general complacency that comes with the festive season create an ideal environment for attacks. To ensure smooth operational continuity during the high-activity holiday season, many organisations adopt a ‘change freeze’ on their IT systems. This is where planned updates to the IT environment are postponed while other priorities are taken care of, which inadvertently creates gaps in cybersecurity. Essential updates and patches are delayed, leaving systems exposed to known risks. The SolarWinds incident is a stark example of how such vulnerabilities can be exploited, highlighting the need for a more nuanced approach to IT management during these periods.
The festive season often coincides with reduced staffing levels. This decrease in personnel substantially affects the ability to effectively monitor, detect, and respond to emerging cyber threats. Not all companies have a third-party Security Operations Center (SOC), let alone one in-house, and many SOCs only run during business hours. This lack of continuous monitoring becomes even more apparent at the end of the year, as was evident in the SolarWinds case.
The holiday season creates a surge in phishing scams aimed at exploiting the general atmosphere of urgency and distraction in organisations. The “Phishmas: Direct Deposit Scam,” reported by Avanan, a Check Point company, is an example where attackers used this time of year to impersonate employees and make changes to financial transactions. In this scam, attackers posed as employees asking HR or their managers to change direct deposit information, redirecting payments to a fake account. These scams are particularly insidious during the holidays and require heightened awareness and preventive measures.
The consequences of these breaches are far-reaching. Beyond the immediate financial impact and data loss, companies suffer reputational damage and eroded customer trust. In the case of SolarWinds, the cost implications in the first nine months following the attack reached upwards of $40 million, which was partly offset by cyber insurance but still had a significant impact on the organisation. The aftermath of an attack often involves costly remediation and heightened regulatory scrutiny, making it a long-term challenge. The solution is a shift to a more proactive mindset in incident response (IR).
Too often our IR Team sees victims operating reactively once an attack is in progress. Sometimes they are not contacted until days later when evidence has already been destroyed or contaminated during remediation efforts. With proactive IR, you can identify what needs protecting, where the vulnerabilities and weaknesses lie and how to deal with them and any associated risks.
Ensuring cybersecurity during the holidays is crucial for businesses as the increased online activity often attracts cybercriminals seeking to exploit vulnerabilities. Here are some tips to help businesses stay cyber safe over the holidays:
Conclusion: Embracing a dynamic approach to cybersecurity
The SolarWinds incident is a powerful reminder of the persistent nature of cyber threats, particularly during the holiday season. Recognising that cybersecurity is a continuous process is key to countering these evolving threats and safeguarding organisational assets. Organisations should adopt a preventative approach including regular system updates, comprehensive employee training, and stringent security protocols to ensure robust defence mechanisms against the unique challenges of the festive period.