During the holiday season, cyber criminals are more brazen and active when it comes to attacking individuals and organizations. In fact, ransomware attacks increase by 30% during the holiday months. Why is this the case? Continue reading to learn why cyber-crime surges in the fall-winter months, what threats you may face when shopping online, and how to secure yourself.
Why the Spike?
Why do cyber criminals feel more emboldened to attack during the holiday season?
There are several reasons for this. First, users are often more distracted and easily fooled by phishing scams or other social engineering tactics during these months. Many individuals may be in a rush to purchase a Christmas present or take advantage of Black Friday deals that they click without thinking. Many criminals also take the time to set up malicious impersonations of legitimate websites in order to fool individuals and harvest login credentials or financial information. Time and effort go into making these websites look like the real thing by including actual company logos, product images, and sometimes fake reviews. If you aren't looking carefully, it can be easy to fall for these schemes. (CorpInfoTech’s Avoid Online Shopping Scans This Holiday Season blog)
Additionally, many IT professionals and employees are out of the office or on vacation. Many threat actors may be able to slip into the network undetected by taking advantage of the limited visibility many organizations have during the holiday season. This also means that it will take longer for professionals to discover and respond to data breaches. Your office may take off for the holidays, but cyber criminals do not.
Increased network traffic also increases the chance of a successful cyber-attack. With the increased traffic of online shopping, it's easy for cyber criminals to implement a successful DoS attack. A "denial of service" attack occurs when an attacker floods the server with network requests to stall or crash operations. The amount of network traffic may also make it easier for malicious traffic to slip through the cracks.
What Can You Do?
What can you do to avoid becoming a victim of a cyberattack this holiday season?
- Stay up to date on the latest scams, and phishing methods that are gaining traction. Education is the key when fighting social engineering. Every organization should be training their employees to be security assets rather than hinderances. It's not enough to just know about the dangers of phishing, but users must exercise caution when browsing online.
- Only visit websites you know are safe, and don't give over financial information to a site you don't trust or can't verify.
- As always, it's important to think before you click. Cyber criminals rely on you being distracted when you click on their malicious links.
- For IT departments that feel the stress of the holiday cyber season, making sure that the applications and tools you use are regularly patched and updated is essential. Poorly configured remote desktop protocols, open ports, and external facing servers are common entry points attackers may utilize.
- Be sure to conduct phishing simulation training to inform other departments of the risks of online shopping during the holidays.
- Prepare for an incident and take a proactive approach to security through comprehensive incident response planning. Plan ahead and implement the necessary safeguards to ensure peace of mind year-round.
How Does CorpInfoTech Help?
CorpInfoTech provides managed security and IT services for small-medium sized businesses including security assessments, vulnerability management, firewall management, and compliance help. We provide 24x7 monitoring so that your organization is secure during the holiday season.
Through EDR and XDR solutions, we provide alerts, monitoring, and logging of notable events including malware detection so that we can respond efficiently and with results. If your organization wants to take the next step in your cybersecurity journey, contact CorpInfoTech today!
CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
