Freely subscribe to our NEWSLETTER

This pattern of behaviour has been observed before, with the most notable incident being the SolarWinds breach that took place between Christmas and New Year in 2020. This breach, which targeted the company’s Orion software, compromised thousands of clients globally, including key government agencies and top-tier corporations. The orchestrated campaign was not only a wake-up call for IT professionals, but a vivid reminder of the cybersecurity vulnerabilities that emerge when the usual vigilance wanes during the holiday season.

The Holidays and the Big Change Freeze

This time of year provides the perfect scenario for cybercriminals. Reduced staffing, delayed response times, and the general complacency that comes with the festive season create an ideal environment for attacks. To ensure smooth operational continuity during the high-activity holiday season, many organisations adopt a ’change freeze’ on their IT systems. This is where planned updates to the IT environment are postponed while other priorities are taken care of, which inadvertently creates gaps in cybersecurity. Essential updates and patches are delayed, leaving systems exposed to known risks. The SolarWinds incident is a stark example of how such vulnerabilities can be exploited, highlighting the need for a more nuanced approach to IT management during these periods.

Heightened Risks with Reduced Staffing

The festive season often coincides with reduced staffing levels. This decrease in personnel substantially affects the ability to effectively monitor, detect, and respond to emerging cyber threats. Not all companies have a third-party Security Operations Center (SOC), let alone one in-house, and many Secure Operation Centers (SOCs) only run during business hours. This lack of continuous monitoring becomes even more apparent at the end of the year, as was evident in the SolarWinds case.

Rise of Holiday-Themed Phishing Scams

The holiday season creates a surge in phishing scams, aimed at exploiting the general atmosphere of urgency and distraction in organisations. The "Phishmas: Direct Deposit Scam," reported by Avanan, a Check Point company, is an example where attackers used this time of year to impersonate employees and make changes to financial transactions. In this scam, attackers posed as employees asking HR or their managers to change direct deposit information, redirecting payments to the fake account. These scams are particularly insidious during the holidays and require heightened awareness and preventive measures.

Shifting Mindset in Incident Response (IR)

The consequences of these breaches are far-reaching. Beyond the immediate financial impact and data loss, companies suffer reputational damage and eroded customer trust. In the case of SolarWinds, the cost implications in the first nine months following the attack reached upwards of $40 million, which was partly offset by cyber insurance but still had a significant impact on the organisation. The aftermath of an attack often involves costly remediation and heightened regulatory scrutiny, making it a long-term challenge. The solution is a shift to a more proactive mindset in IR.

Too often our IR Team sees victims operating reactively once an attack is in progress. Sometimes they are not contacted until days later when evidence has already been destroyed or contaminated during remediation efforts. With proactive IR, you can identify what needs protecting, where the vulnerabilities and weaknesses lie and how to deal with them and any associated risks.

How Businesses can Stay Safe over the Holidays

Ensuring cybersecurity during the holidays is crucial for businesses as the increased online activity often attracts cybercriminals seeking to exploit vulnerabilities. Here are some tips to help businesses stay cyber safe over the holidays:

Employee Training: Conduct cybersecurity awareness training for employees to educate them on potential threats and best practices. This is especially important for any stand-ins who may not have full visibility based on access management

Update and Patch Systems: Although some implement a change freeze during this time of year, organisations should regularly update and patch all software where possible, including operating systems and applications, to address known vulnerabilities

Secure Remote Work Environments: If employees are working remotely over the festive period, ensure that their home networks are secure. Implement virtual private networks (VPNs) to encrypt data transmission and use multi-factor authentication (MFA) for access

Phishing Awareness: It is important to warn employees about holiday-themed phishing scams, such as fake promotions or shipping notifications. Encourage them to verify the authenticity of emails and avoid clicking on suspicious links

Monitor Network Activity: Network monitoring tools are designed to detect and respond to unusual activities promptly. Set up alerts for any suspicious login attempts or unauthorised access

Data Backups: You should regularly back up critical business data and ensure that those backups are stored securely. Test data restoration processes to guarantee that backups can be successfully recovered if needed

Collaborate with Vendors: If your business relies on third-party vendors or service providers, ensure they adhere to robust security practices. Verify their security measures and communicate your expectations regarding data protection

Conclusion: Embracing a Dynamic Approach to Cybersecurity

The SolarWinds incident is a powerful reminder of the persistent nature of cyber threats, particularly during the holiday season. Recognising that cybersecurity is a continuous process is key to countering these evolving threats and safeguarding organisational assets. Organisations should adopt a preventative approach including regular system updates, comprehensive employee training, and stringent security protocols to ensure robust defence mechanisms against the unique challenges of the festive period.