Cyberattacks are restless. With the holiday season approaching, the joy of this season is wrapped up with potential cybersecurity hazards threatening businesses. Global security authorities express their fears of increasing possible cyberattacks while Businesses are closed for the holiday season. Unsupervised IT networks and systems during the holidays are shown as a golden opportunity for cyberattacks.
In Norway, for example, The National Security Authority (NSM) warns against potential cyber-attacks this holiday and inquires all Norwegian companies to be highly prepared. Sofie Nystrøm, the director of the Norwegian National Security Authority, said that:
"We have seen a sharp increase in cyber operations in November and December. We already know that cyber attackers take advantage of days off with lower preparedness, and the risk of attacks on Norwegian companies at Christmas is therefore great. Norwegian companies must take this threat very seriously."
Accordingly, businesses should assess if their contingency plans include sufficient measures to deal with cyberattacks during holidays. Below are some tips that can help better prepare your organization against such threats:
Tip 1
Accept that YOU are the TARGET
If you have some form of IT infrastructure, you are a target. It doesn't matter if you are national security or the florist in the corner shop. Criminals out there do not care who you are. They will access your stuff and then figure out a way to get a return on investment. Yes, it is cynical, but this is the reality of Information Technology and Cybersecurity today. Moreover, other threat actors are out there who work slowly, deliberately, and with another agenda. They may not be interested in you, but they can use your infrastructure for their own benefit. Just more reason for you to up your game.
Tip 2
Fix your password policy
For a long while, there has been this idea that a password should be formed with a set of characters, numbers, and some odd random character, such as %$#"!. Now, the bad guys have researched this and figured out that most people use a word - with a capital letter in front, numbers at the end, and whatever special character is required at the end. Consequently, "Winter2021!" is a BAD password. Now, the good guys have also researched the issue and concluded with entirely new advice for setting up passwords (US NIST, NCSC UK, and Microsoft, among others). The recommendation now is to set a minimum length at 8 characters, no requirements, but check and reject the password against a known list of bad passwords. Obviously, using Multi-Factor Authentication (MFA) would be preferable, but it is not always possible.Tip 3
Conduct cyber awareness training for your personnel
The threat landscape is always changing. Conduct yearly awareness training for your personnel. This could be done as an online course, as a series of lectures from experts, or a combination. Personnel that are assigned tasks in relation to contingency plans should also conduct exercises with relevant scenarios for their role. October is in many countries "the security month," with lots of different organizations offering courses, presentations, and other awareness activities. Seize the moment.
Setting up a contingency plan and regular training for the various relevant scenarios will reduce stress and allow the crisis team to handle the situation better.
Tip 4
Keep a contingency plan ready
Being exposed to a cyberattack can be a very stressful experience. Setting up a contingency plan and regular training for the various relevant scenarios will reduce stress and allow the crisis team to handle the situation better. Even something as simple as identifying whom to call for help if things go wrong is way better than having planned nothing. A suggestion here is to check out the latest RAYVN contingency plan templates.Tip 5
Update your security strategy
Your security strategy is underpinning the business strategy. Whatever you want to achieve in business should be reflected in and supported by your security strategy. Doing otherwise will likely lead to wasted resources and money on the wrong set of security measurements. Your strategy should determine the long-term goals and be a tool to aid in strategic planning for your organization.
Crisis management is all-year-round
Crisis management and contingency planning are not only tied to holiday seasons. Your organization must always protect critical assets and sensitive information all year round. A smart and integrated plan can help you detect threats, respond quickly with accuracy, and recover faster from disruption. And remember that having an in-place crisis management tool will help you not only manage cyberattacks, but also enables you to alert teams and coordinate with the right stakeholders to control attacks at the earliest.
A smart and integrated plan can help you detect threats, respond quickly with accuracy, and recover faster from disruption. And remember that having an in-place crisis management tool will help you not only manage cyberattacks but also enables you to alert teams and coordinate with the right stakeholders to control attacks at the earliest.
Your 14-day RAYVN free trial!
Test RAYVN and all its features in your organization
Simple sign-up process. You will not need to enter a credit card to sign-up for the trial.
Our support team is here to help you if you have any questions.
Sign me up
