The holiday season is here, meaning social get-togethers, lights, tinsel and endless mince pies. It’s easy to get distracted amidst all the chaos, but the festive period is when the security of your business is arguably at its most vulnerable. Why? Those cyber grinches just love to come out.
In this article, I’ll look at three of the security scenarios to be aware of during this festive season.
As dramatic as it sounds, the surge between Christmas and New Year is real (not just for shopping purchases). When employees take holidays, and the wind down to Christmas commences, it’s easy for companies to let their guard down. With less staff than usual and the distraction of festivities, cybercriminal activity can seep through the cracks of even the most robust security measures.
Making sure you have a security plan in place is of the utmost importance. The National Cyber Security Centre (NCSC) has provided guidance for preparing, identifying and resolving cyber incidents, which is always worth a read to stay up to date. They’ve also supplied a specific seasonal warning toward scammers targeting last-minute Christmas shoppers. Recommendations include keeping accounts secure with strong passwords and multifactor authentication, choosing carefully where you choose to shop online, and staying cautious of messages that are “too good to be true.”
Watch Out For Grinch Bots
Despite the humorous seasonal terminology, Grinch Bots are a very real security problem when it comes to the internet, especially around Christmas time when website activity is increased due to present purchasing.
Performing repetitive, automated tasks, bots have the ability to flood the traffic of websites with requests mimicking those of a human, sometimes spreading malware in order to gain total control of a network, with the goal of disrupting a service, damaging reputation or gaining business advantage against a competitor.
For example, consider the recent distributed denial of service (DDoS) attack on one of the largest Minecraft servers in October of this year: The two-minute multi-vector attack consisted of UDP and TCP floods packets that attempted to overwhelm the server and kept out thousands of players. Security researchers claim it was the largest attack ever seen bitrate-wise, exceeding 2.5 Tbps, proving that multi-terabit DDoS attacks are on the rise.
To prevent potential botnet attacks, keep software and operating systems as up-to-date as possible and prepare a DDoS response plan. Monitoring your website traffic closely for any spikes or failed login attempts could also raise awareness of any potential bot activity.
Is That Christmas Incentive Too Good To Be True?
During the holiday season, emails are often flying back and forth about Christmas parties, payroll changes, office deliveries and more. With malicious files and embedded links named with phrases such as “Christmas Menu” and “Annual Bonus,” employees can be lured into clicking links they otherwise wouldn’t.
This year, a phishing platform called “Caffeine” has launched a system with an open registration process that allows anyone to kickstart their own phishing campaign. Without the required approval of admin, which is needed on most other phishing platforms, users willing to get involved simply sign up, enter a dashboard and purchase a subscription license, and the phishing tools are instantly accessible.
With these lower-skilled cybercriminals gaining the ability to phish amongst their higher-skilled companions, the frequency of phishing may well be on the rise. So, think twice before clicking emails this holiday season.
I’d recommend creating a company code/signal for Christmas-themed emails (such as work parties and Secret Santa) to highlight to your fellow co-workers that the email is, in fact, safe—especially when money is involved.
I hope these highlighted security scenarios raise awareness of cybersecurity issues that may be exacerbated during the holiday season and that you and your company are able to use these tips to stay safe.