Interviews

Christmas hackers

by Mark Rowe

Stephen Crow, pictured, Head of Security & Compliance at the cloud service UKFast discusses how to protect yourself from festive attacks.

There is nothing more enjoyable during the Christmas holidays than putting work on silent and celebrating the season with family and friends. Hackers love it too – so much so that law enforcement agencies issued new warnings cautioning companies to watch out for ransomware attacks during holidays and weekends. And given that cyber attacks are accelerating at an alarming rate already, with UKFast’s Security Team reporting 407 million fraudulent login attempts on customers in the last month, the attacks are only going to get worse. This makes Christmas all the more enticing as opportunistic cybercriminals can fly under the radar while key personnel focus on present exchanges rather than present risks.

Hackers know they’ll have at least three days, if not more, to successfully propagate their ransomware through a network. And considering companies are more likely to pay up quickly during the holidays than other times in the year, the risk/reward ratio is high enough to make any hacker’s eyes light up on Christmas morning. So how can IT leaders prepare for cyber threats such as ransomware? And how can they ensure they’ll be ready to protect themselves with the right security measures?

Good things come in multi-layered packages

According to the Identity Theft Research Center, data breaches increased 17 per cent in 2021, with phishing and ransomware as the two most popular types of attacks. This makes 2021 a record-breaking year for data compromises, meaning a single layer of defence against threats is no longer fit for purpose. An organisation might as well gift wrap their business data to a hacker.

If anything, cybersecurity should be seen like an onion – or in keeping with the holiday theme, a Christmas trifle – where multiple layers ensure a robust system with proper security at every layer. And that needs to apply to every part of your company’s data even if it’s not considered valuable. Starting at your perimeter, you need to utilise intrusion detection tools to identify unwanted reconnaissance scanning. This will provide continuous insight into the type of automated attacks that your infrastructure is facing and where you need to focus on preventative measures.

Then to identify any public facing flaws in your applications or infrastructure that could be leveraged by hackers, you need to have a strict vulnerability management system in place. This should ideally be managed in real time, or if not, at least on a weekly basis. By continually scanning for vulnerabilities in your applications or infrastructure and patching them as quickly as possible, the risk of being compromised is significantly reduced.

But that’s not where it should end: vulnerability management in your internal infrastructure is also critical as hackers can use any internal weakness to compromise your system even further – whether it’s gaining control over system permissions or obtaining access to secure admin rights.

As we move even further into layers of defence, it’s vital that you have intrusion detection systems built into every element of your infrastructure. These can be managed by your own in-house security experts, or by an external team of expert engineers based in a Security Operation Centre (SOC). Their aim should be to continuously improve the detective capabilities of your systems, tools, and applications to avoid false positives – or worse, false negatives – and enable your company to get ahead of any cybercriminal’s attempts. In fact, employing this approach could save you as much as $570,000 this Christmas by preventing a ransomware attack.

Don’t let Christmas come early for hackers

Cyber threats are never-ending: even if one attack fails, there’s another right behind it to test your systems. And with the holidays coming up, being on guard has never been more important. Unfortunately, preparing for potential attacks isn’t something you can leave until the week before Christmas. By then, it’s already too late. Cybercriminals tend to target companies when it’s least expected and lie dormant until the most opportune moment. This is why it’s paramount to get ready now.

While cybersecurity best practices call for the use of strong passwords and ensuring your software is up to date, getting your multi-layered defence up and running well before it’s actually needed is key to a strong defence. A skilled IT team with the right experts can usually manage it, but it can prove a challenge to many small and medium businesses who might not have a large enough team in place. For those companies, an external managed security service can bolster your internal team and ensure your multi-layered defence is ready to go. After all, no company wants to be on a hacker’s ‘naughty’ list this Christmas.

Related News

  • Interviews

    Balance for women

    by Mark Rowe

    International Women’s Day centres around the theme of #BalanceforBetter. I am thoroughly behind this message as I think it’s particularly adept in…

  • Interviews

    Trust and GDPR

    by Mark Rowe

    GDPR could be the key to re-building customer trust, writes Adam Maskatiya, UK and Eire General Manager at the IT security product…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing