In the final weeks of the year, as many staff and customers head off on summer holidays, business activity tends to slow down.
In Australia, this lull can often stretch until the end of January. Unfortunately, the same cannot be said for cybercriminals. Indeed, past experience shows that many take advantage of quieter times, when staffing levels are lower, to launch concerted cyberattacks.
For them, the logic is simple. When there are fewer staff on hand, it can be easier to initiate an attack undetected. IT and security teams are likely to be smaller, which means there is a chance that signs that would have been spotted during the rest of the year go unnoticed.
Within many organisations, junior staff are often rostered on to cover holiday periods while their senior colleagues take a break. Their lack of experience could lead to an incorrect response being made to an attempted attack or security tools being misconfigured.
In some cases, cybercriminals have been using the holiday season as a hook in targeted phishing attacks. There have been incidents where attackers have impersonated an organisation’s human resources department and sent misleading emails to staff.
Those emails may encourage staff to click on a link to ‘confirm their holiday dates’. However, when they do so, the page asks them to confirm their username and password, giving the attacker valid credentials that can be used to gain unauthorised access.
Known as business email compromise (BEC) attacks, they can be surprisingly convincing and may result in the attackers gaining easy access to an organisation’s IT infrastructure.
Protecting against attacks
Thankfully, there are some practical steps that organisations can take to reduce the likelihood they will fall victim to holiday-themed phishing attacks. They include:
Conducting comprehensive user training:
Experience shows that user awareness training is one of the most effective security measures an organisation can take. Schedule training sessions that clearly explain the types of threats that exist and the practical steps that can be taken to avoid falling victim.
Such training is particularly important as industry research has found more than half of employees use personal mobile phones for work when on holidays. This means that, as well as being targeted by phishing campaigns, they may also be exposed to ‘smishing’. This is when attackers send SMS messages to their targets encouraging them to click on an included link. For this reason, it is important for organisations to establish safe mobile working practices for all staff.
Ensure staff are able to recognise phishing messages:
In addition to impersonating departments such as HR, cybercriminals also pretend to be an office colleague. If they have somehow gained access to a staff member’s calendar, they will know when that person is away on holiday. They can then use this opportunity to impersonate them by sending messages to their colleagues with the aim of gaining sensitive data or access rights.
To avoid this happening, it is important for all staff to carefully check all received emails, particularly if they appear to have come from someone who is not actually at work. They should check for wording that appears strange or requests that seem out of the ordinary.
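The HR-themed ‘confirm your holiday dates’ lure and the absent-colleague impersonation described above can be triaged mechanically before a message reaches staff. The following is an added example (not code from the original article or from any product it mentions) that scores a parsed inbound message against those indicators; the organisation domain, the internal team names, the out-of-office list and the three sample messages are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

INTERNAL_DOMAIN = "example.com"  # assumed organisation mail domain
TEAM_RE = re.compile(r"\b(hr|human resources|people team|payroll)\b", re.I)
ON_LEAVE = {"anna.lee@example.com"}  # constructed: staff with out-of-office set
LURE = re.compile(r"\b(confirm|verify|update)\b.{0,40}\b(holiday|leave|vacation)", re.I | re.S)
CREDS = re.compile(r"\b(username|password|login|sign in|credentials)\b", re.I)

@dataclass
class Message:  # minimal view of an inbound mail after header and HTML parsing
    display_name: str
    from_addr: str
    subject: str
    body: str
    links: list = field(default_factory=list)  # (anchor text, href) pairs

def host_of(url):
    m = re.match(r"https?://([^/:?#]+)", url, re.I)
    return m.group(1).lower() if m else ""

def is_internal_host(host):
    return host == INTERNAL_DOMAIN or host.endswith("." + INTERNAL_DOMAIN)

def score_message(msg):
    """Return (score, reasons): one point per holiday-phishing indicator found."""
    reasons = []
    sender_domain = msg.from_addr.rsplit("@", 1)[-1].lower()
    # 1. Display name claims an internal team, but the address is external.
    if TEAM_RE.search(msg.display_name) and sender_domain != INTERNAL_DOMAIN:
        reasons.append("claims to be an internal team but sent from an external domain")
    # 2. 'Confirm your holiday dates' lure paired with a request for credentials.
    if LURE.search(f"{msg.subject} {msg.body}") and CREDS.search(msg.body):
        reasons.append("holiday-dates lure combined with a credential request")
    # 3. Link text looks like an internal URL while the real href goes elsewhere.
    for anchor, href in msg.links:
        if is_internal_host(host_of(anchor)) and not is_internal_host(host_of(href)):
            reasons.append(f"link text looks internal but points to {host_of(href)}")
    # 4. Mail purports to come from a colleague who is away, so verify out of band.
    if msg.from_addr.lower() in ON_LEAVE:
        reasons.append("sender is currently marked out of office")
    return len(reasons), reasons

# Constructed samples: an HR-themed lure, a request 'from' an absent colleague, a routine notice.
PHISH = Message("HR Department", "hr@examp1e-portal.net", "Please confirm your holiday dates",
                "Log in with your username and password to confirm your holiday dates.",
                [("https://intranet.example.com/leave", "https://examp1e-portal.net/login")])
COLLEAGUE = Message("Anna Lee", "anna.lee@example.com", "Quick favour",
                    "Could you send me the client access list before end of day?")
ROUTINE = Message("Ben Ng", "ben.ng@example.com", "Tuesday planning minutes",
                  "Attached are the minutes from Tuesday's planning meeting.")
```

A score of zero lets the routine notice through, while the message from an absent colleague is held for out-of-band confirmation and the HR lure, which trips three indicators, is quarantined.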
Compile a comprehensive contingency plan:
Organisations should develop plans that serve as a comprehensive guide to the steps staff should take if an attack occurs. This will enable them to react quickly and hopefully limit the impact of the incident. The plan should include a list of who should be involved in the response and outline their particular areas of responsibility.
Deploy multi-factor authentication capabilities:
Having a multi-factor authentication (MFA) solution in place can prevent attackers from gaining access to an organisation’s network even if they have obtained the login credentials of staff via a successful phishing attack.
Make use of endpoint security:
Organisations should also ensure they have in place an advanced detection and response capability. This needs to be capable of continuously monitoring endpoints and automatically blocking anomalous user, machine and process behaviour. This, in turn, will ensure all network devices are protected in the event of a cybercriminal gaining access to the organisation’s IT infrastructure.
By undertaking these steps, organisations can be confident that they are well placed to avoid cyberattacks during the holiday season and that remaining staff are aware of the steps they need to take should one occur.