‘Tis the season for turkey and stuffing, for giving and gifting, for trees and lights, for ‘Black Friday’ and ‘Cyber Monday’, and parties to round out your year and usher in the new. But ‘tis also the season for heightened attacker activity. While we prepare to take some time off and attempt to wind down from hard work and accomplishment, attackers are gearing-up for a season of breaches, exploits, and financial crime.
Trends over the past few years suggest that heightened attacker activity is seen from the end of October into late December. Why?
- As retailers shift their focus to make-or-break holiday sales, every other aspect of operations slows down, and security is no exception. Non-customer facing employees relax and turn their attention to parties and vacations, often leaving systems open and unmonitored. This can result in undetected attacker access and unhindered time and activity within corporate environments.
- With consumerism in full swing, transaction volumes skyrocket across all channels and locations, resulting in more opportunities and potentially higher yields for attackers.
- Attackers are known for exploiting the seasonal spirit of giving to perpetrate attacks against well-meaning employees who can inadvertently allow a cybercriminal to gain a foothold in the corporate environment.
This holiday season, security-related pressures are even higher for companies dealing with new requirements such as the October EMV migration deadline and recent changes to security compliance standards. Many companies are also dealing with Q4 security enhancement initiatives. These vary from company to company, but can include upgrading operating systems that have reached end of life, patching vulnerabilities, and identifying attack vectors through pen tests and plugging identified gaps, all to reduce exposures, particularly in the Point of Sale (POS) environment, which could be exploited during the holiday season.
With increased awareness of the dangers that the holidays bring, and the year-end push to bolster POS security, many companies will be better prepared this season than they were last year, but security experts argue this still may not be good enough. In addition to pushing hard to complete year-end security initiatives and making sure IR plans are in place, think about mitigating externally accessible vulnerabilities.
- Limit the access (to systems/data) of seasonal workers to the absolute minimum required
- Increase hunting and monitoring activity
- Do a thorough vulnerability sweep right now
- Proactively send advice to holiday shoppers to heighten awareness and engage them as an early warning mechanism
Enjoy your holidays, be thankful and be merry! Remember to keep watch and stay alert. And, take heart in the fact that while attackers are hard at work this holiday season, so is your Raptor Incident Response Team. Happy holidays!