The holidays are an opportunity for people to take time off work and enjoy time with family and loved ones. It is during this period, when people’s minds are turned away from work, that cybercriminals plan sinister attacks.
Why During the Holidays?
Attackers can trouble businesses at any point during the year, but the holidays give them the perfect opportunity to plan and execute a successful compromise. Security researchers have registered about a 29% increase in the number of attempted ransomware attacks around the globe during the holiday season. This data covers consecutive years from 2018 to 2020.
There has been a reported spike of 71% in attempted ransomware attacks in November and December as compared to January and February. Companies that are less prepared to fend off a cyberattack, with employees having departed for the holidays, face huge challenges.
Further, employees and other end-users often don’t think about cyber threats while opening emails and surfing the web. Most people let their guard down in one way or another as they become distracted by the prospect of enjoying the holidays or don’t have the proper knowledge about cybersecurity.
A distracted user and the mindless opening of emails to check for holiday discounts and offers give attackers the opportunity to mount phishing scams using malicious advertisements.
Businesses that are severely short-staffed as cybersecurity and IT professionals leave for vacation are at increased risk. There are fewer resources to address potential challenges, risks, and breaches when they happen.
The Cybersecurity & Infrastructure Security Agency and the FBI recently released an alert asking businesses to increase vigilance against ransomware attacks during the holidays. Here is a list of the most common cybersecurity risks that may occur in the upcoming holiday season. Organizations should remain on alert in order to protect their data and operations.
Ransomware is the biggest potential threat to companies and their data in the holiday season. The risk of visiting malicious websites and getting trapped in phishing attacks might grow exponentially, posing a significant threat to businesses. Ransomware is often considered an encryption problem. However, this view underestimates the determination and creativity of attackers, who break into networks and then crawl through the organization’s digital environment with the goal of discovering, stealing and then encrypting data.
Ransomware can cause huge destruction to organizations. On average, ransomware attacks cost companies $4.62 million. This includes notification, escalation, lost business, and response costs. In addition, the hackers may demand ransom payments.
Attackers lure users into clicking on malicious links carried in phishing emails, or perform a drive-by attack using malicious web code on a hijacked website. Both methods act as a gateway to ransomware infection. Notable ransomware attacks that happened during holidays include the Memorial Day attack on JBS, the meat processing giant, and the Fourth of July attack on Kaseya, an IT management software company.
Businesses can take a few measures to protect against ransomware, including putting in place:
- Application whitelisting
- Least privilege access
- Strong password policies and breached password protection
- Phishing email filtering
What Are Phishing Emails?
Phishing emails are the easiest way for attackers to compromise networks. A phishing email might look like communication from a legitimate company. Cybercriminals have become adept at making phishing emails appear like legitimate emails, including logos, wording, images, and styling. A lack of adequate protections leaves users free to click on malicious links, leading to widespread damage. Without zero trust and micro-segmentation boundaries, ransomware is free to crawl within the network and damage everything the user account has been granted permissions to.
During the seasonal holidays, end-users are click-happy and do not take the time to check email communication closely. Attackers know this and send a flurry of emails in order to infiltrate an organization’s network with a phishing attack.
If you are a business looking to protect your organization from cyber-attacks, train your employees about the threats. Make sure they check the sender of each email and avoid clicking links that are malicious. Cyberattacks are only expected to grow with time, so the best possible approach is to educate and train the team to deal with every circumstance.