In Norway, for example, The National Security Authority (NSM) warns against potential cyber-attacks this holiday and inquires all Norwegian companies to be highly prepared. Sofie Nystrøm, the director of the Norwegian National Security Authority, said that:
"We have seen a sharp increase in cyber operations in November and December. We already know that cyber attackers take advantage of days off with lower preparedness, and the risk of attacks on Norwegian companies at Christmas is therefore great. Norwegian companies must take this threat very seriously."
Accordingly, businesses should assess if their contingency plans include sufficient measures to deal with cyberattacks during holidays. Below are some tips that can help better prepare your organization against such threats:
Accept that YOU are the TARGET
Fix your password policy
For a long while, there has been this idea that a password should be formed with a set of characters, numbers, and some odd random character, such as %$#"!. Now, the bad guys have researched this and figured out that most people use a word - with a capital letter in front, numbers at the end, and whatever special character is required at the end. Consequently, "Winter2021!" is a BAD password. Now, the good guys have also researched the issue and concluded with entirely new advice for setting up passwords (US NIST, NCSC UK, and Microsoft, among others). The recommendation now is to set a minimum length at 8 characters, no requirements, but check and reject the password against a known list of bad passwords. Obviously, using Multi-Factor Authentication (MFA) would be preferable, but it is not always possible.
Conduct cyber awareness training for your personnel
Setting up a contingency plan and regular training for the various relevant scenarios will reduce stress and allow the crisis team to handle the situation better.
Keep a contingency plan ready
Update your security strategy
Crisis management is all-year-round
A smart and integrated plan can help you detect threats, respond quickly with accuracy, and recover faster from disruption. And remember that having an in-place crisis management tool will help you not only manage cyberattacks but also enables you to alert teams and coordinate with the right stakeholders to control attacks at the earliest.