‘Tis the season for giving thanks, holiday cheer and … cyberthreats. One of those three probably isn’t on your wish list, especially if you staff security operations centers.
Studies show that cyberattacks against businesses increase around the holidays. According to a report last year from security vendor Carbon Black, attempted attacks were on pace to rise more than 60% year over year.
The aforementioned threat of phishing remains an existential scourge and the bane of SOC analysts, but it really ramps up between Black Friday (the informal name given to the busiest shopping day in the United States) and Christmas. Researchers estimate about 6,000 e-commerce phishing sites are live on the web, and that number will grow by 50% through the end of the year. (Earlier this year, we published a list of four things every SOC should be doing to counter phishing.)
Meanwhile, the prospect of a crippling ransomware incident becomes especially dire during the late November-to-December stretch, a period when merchants count on for turning an annual profit, so any breakdown in operations stands to deliver a death knell. And if the recent headlines are any indication – from nursing homes to state and local governments to school districts getting hit – the ransomware menace has no plans of taking a holiday break.
But exactly what precautions should you be taking during this time of year, aside from having reliable and automated playbooks in place? Do you need to be doing extra work, or something entirely different? Or is it simply business as usual? And if so, could this stretch of weeks actually instead serve as a growth opportunity for your SOC? We asked three Siemplify security operations experts to share some thoughts and practical tips.
Arnaud Loos, technical account manager: Some types of attacks, such as phishing attacks, do increase during the holidays, but a proper methodology for handling these types of attacks should scale to handle the moderate increase. I see the holidays instead as a great time to baseline your network. There’s probably no other time of the year with fewer employees working on premises or remotely (depending on the industry). Want to know what operations look like when it’s just the systems talking and not the users? The holidays are a great time to do this. Baseline your server load, network activity and log ingestion rate to have a clearer picture of how much additional load your users are placing on the network. Being able to spot changes in trends requires this information.
Oleg Siminel, senior security solutions architect: I believe in due diligence and due care. Proper implementation of security controls and efficient monitoring will greatly reduce the risks, as well as give the ability to detect and respond to threats quickly, without affecting the business. Attackers may perform more attempts during this period, but that won’t really affect the majority of organizations more than it would outside of holidays. In reality, offices are empty, and disaster recovery can be performed in a more straightforward matter ;).
Robert Becker, director of solution engineering: A lot of people are on break during this time of year, so there’s more concern of script kiddies poking around, especially against retail. They’re going after known exploits, and you’ll probably see an influx of alerts for things like port scans, failed login attempts and websites queried with SQL injection. Of course, if you’re not patched, you’re not going to be able to protect against what their putting out there. It’s also worth noting that with the additional script kiddies in play, you could have legitimate hackers trying to blend in.
Have other questions for our trio of experts? Email Siemplify Director of Content Dan Kaplan, and he’ll get your inquiry answered.