As Christmas draws near, Liam Dermody, Director of Red Team at Darktrace—a global leader in AI powered cybersecurity—worries that businesses might underestimate the risks posed by cyber threats during the holiday season. He advises them to remain extra vigilant, since cyber criminals are known to take advantage of the holiday spirit and increased distractions during this period.
"Cyber criminals often target holidays, so steps need to be taken to ensure we don’t end up with something worse than a lump of coal in our Christmas stockings," warns Dermody. He adds that "The holiday cheer can be infectious but with so much on, distracted people can let their guard down. Suspicious emails can fall through the cracks and with people taking breaks, security teams may be short staffed."
According to the Office of the Australian Information Commissioner (OAIC), almost half of all Australians were affected by a data breach within the past 18 months. Also, the OAIC reports an increase in the number of reported data breaches during the last half of the year, leading up to Christmas.
In order to counteract these threats, Dermody suggests several measures that security teams should consider. To start with, testing incident response playbooks, including disaster recovery, can ensure speedier recoveries. Secondly, security teams should update their backups before going offline for the holiday break, keeping in mind that ransomware crews often target online backups to cause maximum disruption. Furthermore, establishing contact arrangements in case of an incident is advised, specifying who to contact, their contact information, availability, location, and role.
Security teams are also encouraged to develop a monitoring plan for their security tools during the break. Dermody states that many tools "allow for critical alerts to be sent to phones, emails, and applications that allow for quick investigation, so understanding who and what is being monitored is critical." An additional precaution would be consulting with various business units to understand their activity plans during the holidays.
Importantly, Dermody suggests using AI-based cybersecurity solutions to allow security teams to concentrate their efforts "on the areas where strategy and human intuition can make a difference". Partnering with cybersecurity experts is also suggested as it can help to offload some of the burden and ensure that organisations are protected during the holiday period.
Dermody concludes: "Don’t let cybersecurity become an afterthought this holiday season. Cyber criminals will take any opportunity they can get to attack your business." He warns that attackers will capitalise on times when people are most vulnerable and distracted by the festivities. "Give you and your staff the best gift possible – the gift of holidays free from cyber worry."