Originally Published December 16, 2019
What does an IT manager want for the holidays? Other than a stable internet connection and some time off, the people responsible for network performance and security know that they need to be on alert for an uptick in attacks over the holidays.
Why is that?
Large-scale malicious attacks are often executed over the holidays because IT departments are understaffed in the days and weeks that surround the Christmas and New Year celebrations in most of the western hemisphere. It’s important to remember, however, that the work of moving maliciously into a protected network has likely occurred long before the major damage is done. To set up a multi-pronged and sustained takeover of critical systems and valuable data, a malicious actor may plan for months or years, doing research, engaging in social engineering, spear phishing, inserting malware, and other maneuvering as a prelude to a critical data theft or sabotage over the holidays.
The nature of the target will largely dictate the nature and ferocity of the attack, but large custodians of data need to start focusing on simple, preventative maintenance of human and technological practices during the early part of December.
Here are five things to consider implementing in your organization before the holidays:
1: AUDIT – Start by taking an inventory of existing systems and permissions, because no problem can be solved if the scope can’t be assessed. Internal company hardware like servers and desktop systems is easy, but it’s important to know what laptops, mobile devices and removable storage devices regularly make their way through the front line of your secure environment. Also, make sure nothing is running in default or debug modes, and double-check that permissions, policy and session management protocols are all compliant with network specifications.
2: UPDATE – If your organization is running a version of an application or operating system with a known exploit, an attacker who discovers this will start by leveraging it. Take the time to go through each device and update all software to the most up-to-date, secure versions. This can also be a good time to standardize software and plugins across devices.
3: CHANGE PASSWORDS – If your network is managed by one person or a small team, something as simple as all root-access admins changing passwords at the beginning of December can mitigate the risk of a whole host of attacks that malicious actors have been preparing for months.
4: CREATE AN INCIDENT RESPONSE HIERARCHY – If there is a DDoS, ransomware attack, IoT takeover or some other attack over the holidays, make sure that every critical member of the mitigation team knows who needs to take the lead in solving problems during the crisis, especially if that process is different from the rest of the year. Time is critical in these circumstances, so knowing the exact chain of command is essential. It is also wise to go over incident reporting policies with the non-IT staff at your company so that other coworkers are reminded how incidents are to be reported.
5: DO NOT OVERCOMPLICATE THINGS – The holidays are a good time to audit, update and make some simple changes. They are NOT a time when policies or architecture should be completely reconfigured. If this list makes you nervous, it might be time to rethink your security practices and start to implement a more systematic approach to securing your company’s assets, but the holidays may not be the right time for an overhaul.
It’s important to remember that no system is perfect, and the weakest link is probably just a random person in the office accidentally creating exploit opportunities for malicious actors. Therefore, the best outcomes come from the best practices and simple systems. The above is a good place to start, but please let us know what you would do differently. We want to hear from you.
Enjoy the holidays!