Ahead of hackers in the holidays

by Mark Rowe

After prolonged periods of national and international lockdowns, summer in 2022 has been the much-anticipated opportunity for the UK workforce to leave their desks and switch on their ‘out of office’ (OOO) emails. Yet while professionals take well-earned breaks, activity within the threat landscape (and from the cybercriminals that govern it) continues, writes Rick Jones, CEO of cyber firm DigitalXRAID.

In fact, bad actors often use the summer months and holiday period as the perfect opportunity to target an organisation when it is least prepared.

It is within these ‘quiet’ months – with fewer security staff on call, or more teams working from home and less vigilant with their cyber hygiene – that ransomware attacks can cripple an enterprise. This is how timing has become critical to cybersecurity in recent years, and why cyber awareness training and consistent threat monitoring 24/7/365 are so important.

Why timing matters

A number of recent cyberattacks point to criminals using timing tactically to cause the most damage to an organisation. The recent cyber incident at Yodel occurred over a weekend, increasing the disruption of its UK deliveries. It follows a trend of similarly timed attacks, including one against professional services and insurance company AON. Just as hackers evolve their techniques and develop more sophisticated ‘spear phishing’ campaigns and more complex, personalised scams, they are also now identifying the very best time for a breach to wreak the most havoc. The greater the disruption and the more issues for business continuity, the higher the reward for ransomware operators.

Out of Office best practice

Cybercriminals can even identify the exact days and weeks that an organisation is most vulnerable across the holiday period. The traditional OOO email often shares information about a team member’s schedule, including the time period they plan to be away and who to contact in their place. While this is helpful to colleagues and clients, it is also invaluable for those with malicious intent. A simple OOO can provide all the information a hacker would need for Business Email Compromise (BEC). This form of cyberattack refers to an attempt to scam employees into fraudulent activity, be that wiring money or sharing confidential information or credentials, by impersonating someone else within their organisation.

The risk of BEC is growing in an age of remote working and BYOD (Bring Your Own Device) policies. With personal devices typically less secure than work-issued laptops, and users often less vigilant when working from home, organisations are exposed to compound risk. Executive decision-makers should be driving home the importance of strong cyber hygiene and OOO best practice. This includes ensuring that external and internal OOO emails differ, leaving out any specific information about the location of your holiday and the length of time you’re away, and including only basic details about who to contact in your absence.
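The OOO guidance above can be turned into a pre-send check. The following is an added example, not code from the article or from DigitalXRAID; the function name `review_ooo`, the pattern lists and the sample messages are all assumptions constructed for illustration, and the patterns are heuristics rather than a complete rule set.

```python
import re

# Heuristics (assumptions, not a complete rule set) for details the
# article advises leaving out of an external out-of-office reply.
_NAMES = ("january february march april may june july august "
          "september october november december")
MONTHS = "(?:" + "|".join(f"{m[:3]}(?:{m[3:]})?" for m in _NAMES.split()) + ")"
CHECKS = {
    "absence dates": re.compile(
        rf"\b\d{{1,2}}(?:st|nd|rd|th)?\s+{MONTHS}\b|\b{MONTHS}\s+\d{{1,2}}\b"
        r"|\b\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}\b", re.I),
    "length of absence": re.compile(
        r"\b(?:\d+|one|two|three|four|a few)\s+(?:days?|weeks?|months?)\b", re.I),
    "holiday location": re.compile(
        r"\b(?i:holiday|vacation|travell?ing|trip)\s+(?i:in|to)\s+[A-Z]\w+"),
    "phone number": re.compile(r"\+?\d[\d\s()-]{8,}\d"),
}

def review_ooo(internal: str, external: str) -> list[str]:
    """Return findings for an internal/external auto-reply pair."""
    findings = []

    def norm(text: str) -> str:
        return " ".join(text.split()).lower()

    # The article's first rule: internal and external replies should differ.
    if norm(internal) == norm(external):
        findings.append("external reply is identical to internal reply")
    # Remaining rules apply to what outsiders can read.
    for label, pattern in CHECKS.items():
        match = pattern.search(external)
        if match:
            findings.append(f"external reply discloses {label}: {match.group(0)!r}")
    return findings

# Constructed sample messages (fictional names and number).
INTERNAL = ("I am on leave until 14 August. Jane Doe is covering approvals. "
            "Call my mobile if it is urgent.")
RISKY_EXTERNAL = ("I am on holiday in Spain from 1 August to 14 August (two weeks). "
                  "For urgent payments contact Jane Doe, Finance Director, "
                  "on +44 20 7946 0000.")
SAFE_EXTERNAL = ("Thank you for your email. I am currently out of the office. "
                 "For urgent matters please contact servicedesk@example.com.")

if __name__ == "__main__":
    for name, text in [("risky", RISKY_EXTERNAL), ("safe", SAFE_EXTERNAL)]:
        print(name, review_ooo(INTERNAL, text) or "no findings")
```
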

Staff training and consistent threat detection

If the workforce is aware of this best practice around OOO emails, it becomes much harder for criminals to gather the information they need to conduct successful BEC attacks. This same concept applies across the entire cybersecurity landscape; people within an organisation can become an excellent and effective first line of defence, but they must be well-informed and educated on how they can reduce risk. Around the summer and Christmas holiday periods, business leaders should ensure their teams are reminded of the heightened risk to cybersecurity and the importance of best practice with OOO emails. This reminder can also be paired with updates on the current threat landscape from IT and security teams, including the latest scams that are targeting similar organisations.

To support teams in mitigating risk, enterprises need to be monitoring, detecting and remediating threats across their network at all times. Hackers do not take time off, so neither should an organisation’s defence system. However, for smaller businesses, there is likely limited budget and resource for cybersecurity. That’s why many turn to trusted security partners for support. For example, by working with a third-party team of experts and an outsourced Security Operations Centre (SOC), all incidents can be investigated and neutralised before they can cause damage, on a smaller budget than if it was all done in-house.

The threat landscape is such that no organisation’s cybersecurity can afford to have a day off. Yet the UK workforce deserves peace of mind and a well-earned holiday. By deploying OOO best practice, recognising the value of an educated team, and outsourcing to the security experts, it is possible to stay one step ahead of hackers every day of the year.