Most people take off during the holidays while cybercriminals get to work. Unfortunately, cyber actors ramp up their schemes during the holidays when most people have their guard down. A report by Darktrace in 2021 stated that ransomware attacks increase by 30% during the holidays compared to the rest of the year.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a reminder to stay vigilant during the holiday season as cybercriminals make plans to disrupt the networks and systems of businesses and organizations.
Unfortunately, the holidays leave networks vulnerable as people take time off from work, increase their online shopping, and get distracted. Holiday scams and ransomware are some of the most prevalent incidents that take place. These attacks can be expensive and damaging to companies of any size. It is important now more than ever to be proactive when it comes to cybersecurity for the enterprise.
Why do the holidays leave us vulnerable?
The most wonderful time of the year can be quickly turned sour by a cyberattack. The holidays leave companies vulnerable for many different reasons. Cybercriminals attack during the holidays due to the lack of vigilance people have during this time. Many employees become distracted by parties and rushed deadlines. They are rushing to get work done, forfeiting proper cybersecurity hygiene. Attackers know this and use it to their advantage.
Many company networks have increased traffic during the holidays. Cybercriminals take advantage of this and find it easier to launch an attack unnoticed. Additionally, enterprises may receive more customer information during the holidays, increasing the value of the attack. Not to mention, IT professionals are burnt out trying to maintain security and will be less likely to check alerts on their much-needed time off.
The FIFA World Cup
The FIFA World Cup brings huge cybersecurity risks. In 2022, the FIFA World Cup will take place during the holiday season because the host country of Qatar is too hot to hold the game in the summer. Since soccer is the most popular sport across the globe, the World Cup is one of the most watched games. In fact, in 2018, 3.572 billion people tuned in to watch the World Cup. With so many people streaming the game online, it is a perfect time for cyber actors to ramp up their schemes.
The increase in cybersecurity attacks during the holidays plus the FIFA World Cup means companies need to be vigilant and prepared for what may come.
Types of Attacks
The FIFA World Cup receives a lot of attention from cyber actors looking to exploit distracted fans. Many incidents occur through fictitious streaming services tricking virtual users into creating fake accounts.
Holiday scams are a major threat this year because of how easily users can fall for them. Shopping cams can happen when people purchase gifts online and those gifts never arrive. Other holiday scams include auction fraud where a product is made to look legitimate but is not what the buyer thinks they are getting. Gift card fraud can happen when a seller is asking you to purchase a pre-paid card.
There are also phishing schemes where people may be deceived by emails that look trustworthy from charitable organizations. Cybercriminals use these schemes to download malware. Unfortunately, 75% of cybercrimes happen through email.
As online shopping increases, it is easy for consumers to input their credit card information quickly and without thinking. This is why it is important to be aware of where you are inputting your credit card information. Using unencrypted financial transactions can lead to credit card fraud.
If an employee falls for any of these schemes, it can leave the entire enterprise at risk. If malware is executed, it can spread through the company’s systems. This can damage the systems and give unauthorized access to the actor, resulting in a ransomware attack.
How to Stay Safe
CISA and the FBI have released several ways you can safeguard your enterprise against an incident this holiday season. They released an article stating some best practices for staying vigilant during the holidays. The article is titled Reminder for Critical Infrastructure to Stay Vigilant Against Threats During the Holidays and Weekend.
They list these exact steps to implement before the holidays:
- Examine your current cybersecurity posture and use best practices and mitigations to manage risk.
- Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links, and conduct exercises to raise awareness.
Be Proactive
This 2022 holiday season is a perfect storm. Between Thanksgiving, Christmas, and the FIFA World Cup, the risk of a cybersecurity incident occurring is high. Extra precautions need to be taken to protect the enterprise against threats. No one wants to come back to work only to be confronted with an incident. v-TECH io wants to help you stay safe this holiday season.
At v-TECH io, we sell blocks of CISO hours which we can use to review best practices for cybersecurity. We can also make sure your network is secured even when your staff goes home. Our experienced IT professionals are here to give you the support and peace of mind you need to enjoy the holidays.
Being proactive by partnering with v-TECH io is an easy way to safeguard the enterprise. To connect with one of our experts, simply click here, fill out the form, and we will get to work.