Long holidays, a season of happiness, and hope for the upcoming year all characterize the end of the year. Businesses also have a lot to be happy about during the holiday season, because consumers tend to spend more when they are inclined to treat others and themselves to a few luxuries. Sales for the months of November and December are expected to total $850 billion in the US alone. This holiday cheer comes with a thorn in the flesh: more chances for cyberattacks on companies.
A number of cyberattacks that made headlines in the past year indicate that threat actors enjoy holidays for the wrong reasons:
- Lunar New Year – A cyberattack targeted Bangladesh Bank, the country’s central bank, ahead of Lunar New Year weekend and attempted to transfer $951 million to the Philippines.
- Mother’s Day – A ransomware attack at Colonial Pipeline, one of America’s largest fuel pipeline operators, resulted in fuel shortages and consumer panic during Mother’s Day weekend.
- Memorial Day – During the American Memorial Day weekend, JBS, the world’s largest meat processor, experienced a ransomware attack that affected North American and Australian servers, resulting in shortages worldwide.
- US Independence Day – Kaseya, a remote management software company, was attacked by ransomware over the 4th of July weekend. Thousands of victims in at least 17 countries were affected via an automatic update.
- Halloween – A ransomware attack targeted Ferrara Candy Co., one of America’s largest candy manufacturers, right before Halloween.
As these news snippets show, businesses across many industries have been targeted during different holidays. The incidents listed all involve large organizations, but that is because prominent organizations are headline-worthy. Before and during the holiday season, cyber risks rise for all organizations, no matter how large or small they are.
Why Threat Actors Love The Holidays
Cybercriminals love to launch attacks against businesses during the holidays, when cyberattacks are easier for several reasons:
Alertness is Reduced – During the holidays, employees are less alert to social engineering attacks such as phishing. They are more likely to download malware or to enter their credentials into a fake website without checking it first.
Staff Strength is Reduced – It is common for employees, including IT personnel, to take time off ahead of or after the holidays for long vacations. With fewer IT personnel on the job, there will be less monitoring and a slower response to alerts, which will make it easier for attackers to compromise devices and networks. In addition, when an attack is detected, vacationers take longer to return to work, which delays an all-hands-on-deck response to a rapidly spreading cyberattack.
Attacks Have Time to Spread – As an attack spreads through an organization’s network and malware infects many devices, it can take time for it to be detected. In addition, hackers take their time to identify which parts of an organization’s IT ecosystem are critical. During a long holiday, the attack can spread throughout the organization and increase its impact.
Maximum Impact on Profits – During the holiday season, many businesses experience a surge in sales and therefore are more likely to pay a ransom to resume operations since the cost of the attack may be less than the loss of revenue and reputation.
Businesses That Are Most Affected By Cyberattacks During The Holidays
While the first three reasons mentioned above can lead to an attack on any business during the holidays, businesses that are impacted by the fourth reason (impact on profits) may be at higher risk because they stand to lose more from an attack timed to coincide with their peak sales period. These primarily consist of:
- Retail
- Travel & Hospitality
- Sweets & Giftables
Retail
Ecommerce
During holidays/festivals, online shopping booms because of discounts, convenience, and bonuses for employees. A ransomware attack that takes down web servers, order processing data, or warehousing systems; a Denial-of-Service (DoS) attack that makes websites inaccessible to shoppers; or a data breach that exposes customers’ Personally Identifiable Information (PII), could all ruin a business.
Brick & Mortar
Because offline shopping does not attract high-profile VC funding, it may not receive as much attention as online shopping, but it is no less vulnerable. Hackers can attack POS (Point of Sale) systems or inventory tracking software and put a retailer’s operations at risk. When the cyberattack on Kaseya (discussed above) paralysed its cash registers, one of Sweden’s largest supermarket chains had to close all 800 of its locations.
Travel & Hospitality
Holidays give people the opportunity to travel, whether it’s to visit family or discover new places. The hospitality sector offers appealing deals to tourists, and seasonal revenue significantly boosts the annual revenue of both the hospitality and travel industries. Profitability can be severely impacted by cyberattacks that compromise payment systems, booking information, and website availability, as well as by data breaches that expose PII.
Cyberattacks are not uncommon in this sector: an Austrian hotel suffered ransomware attacks on the smart locks in its guests’ rooms four times in December and January.
Sweets & Giftables
Holidays and festivals are also a time when sweets, confections, and gifts are given out; suppliers can anticipate a surge in sales due to both consumer demand and corporate bulk orders. Threat actors are aware that placing and completing these orders takes time, so they strike in advance of festive events. In light of the earlier discussion of a cyberattack on a candy manufacturer before Halloween, it follows that these sectors should prepare for such attacks before the festivities start.
How Businesses Can Protect Their Reputation And Revenue
Following these measures will help businesses minimize cyber risk throughout the year, and especially during the holidays:
Block Unnecessary Device Access – Cyberattackers may enter a business network through any device that connects to it, so businesses should block all devices that don’t need or shouldn’t be accessing it. These include devices that have been sent to a vendor for repair and upgrades, personal devices of employees, and backup devices. Access should be provided as needed and on a case-by-case basis after considering the business need for it. In this context, devices include not only PCs but also networking and IoT products such as routers and printers.
Revoke Unnecessary User Access – To prevent attackers from exploiting unused employee accounts, employees should have their access revoked immediately after they leave the organization. Employees should be granted access according to the principle of least privilege, i.e., they should have the minimum access privileges needed to fulfill their responsibilities, regardless of their position within the organization. When it comes to ad hoc tasks, additional privileges should be granted temporarily and revoked after completion.
Install All Patches – When vendors release patches for software and hardware, make sure you install them as soon as possible. A vulnerable operating system, application, or device can be used by threat actors to attack businesses.
Deploy Endpoint Security – Use an endpoint security solution such as eScan Endpoint Security on all endpoints, including POS and warehouse devices, to prevent ransomware, phishing, and other cyberattacks. A single unprotected device can be used to launch an attack, so all endpoints should be secured. Protection against the latest cyberthreats requires the latest malware definitions, and over 450,000 new threats are registered every day, so it is critical that all endpoints receive the malware definition updates released by vendors.
Deploy Network Security – A gateway security device, like eScan Unified Threat Management, should be deployed in every store, office, and warehouse to protect business networks from hacker intrusions and denial-of-service attacks.
Provide Training – Employees should be trained in the fundamentals of cyber hygiene, including the value of creating secure passwords and not sharing them, threat actor strategies, and how to recognise social engineering attacks that may be made against them on their personal devices and when using social media. The weakest link in the cybersecurity chain is frequently human fallibility, so cybersecurity training helps users avoid unintentionally letting hackers in.
Have IT Staff on Call – Vacation time is well deserved by IT staff, but a smaller IT team makes it more challenging to contain an attack. Make sure that crucial team members who may be on vacation can quickly return to work in the event of a threat emergency.
Secure the Supply Chain – Businesses that maintain cybersecurity in their facilities may still be vulnerable if their suppliers do not adhere to best practices. The significant data breach that occurred during the 2013 holiday shopping season was started by a refrigeration contractor. Encourage your vendors to practise cyber hygiene, and work with them to secure your company’s supply chain.
eScan Security offers international award-winning enterprise cybersecurity solutions to protect businesses in a wide range of industries. Contact us to learn more about our 24-hour-a-day, 365-day-a-year cybersecurity that protects IT infrastructure during all holidays, festivals, and seasons.