Tired of cybersecurity tips that don’t really make an impact? This post is for you.

The year is winding down. Everyone, including security teams, is busy and preoccupied. Cyber actors know this and are gearing up to launch attacks.

Over the holiday season, the global number of attempted ransomware attacks has increased by 30% YOY. Also, a 70% average increase in attempted ransomware attacks appears to occur in November and December compared to January and February.

One report from the retail and hospitality sector indicates that imposter websites, product-focused phishing attempts and phishing attempts impersonating executives all tick up during the holidays. The report also observed a greater prevalence of social engineering attacks, heavily targeted at credential harvesting or bypassing multifactor authentication (MFA).

With security teams already stretched thin, what happens when people head out for the holiday break? Short staffing leaves your data, systems and networks even more vulnerable. If an incident occurs, do you have a holiday response plan in place?

Let’s look at some truly useful tips on how to prepare for cyberattacks during the holidays.

Tip 1: Have a response team in place

Before you head out for the holidays, know who can be called in if a cyber incident happens. You should clearly establish, in writing, who’s on call and when.

On-call team members should be available 24/7. Well-organized incident response teams should already understand their roles and responsibilities. Still, given how hectic the end of the year can be, it’s worth confirming who will be responsible during the holidays.

Tip 2: Consider managed detection and response

Some companies transfer security tasks to a managed detection and response (MDR) provider. It then becomes the responsibility of the third party to provide full coverage over the holiday and weekends. MDR solutions can take care of the full threat management lifecycle with turnkey support for leading endpoint and network security technologies.

The reality is that with the increasing complexity of malicious and automated cyber threats, many organizations lack the security skills to handle sophisticated and advanced threats. Even organizations that do have the required expertise often struggle with managing too many security tools and alerts to adequately reduce mean time to resolution (MTTR).

Alert overload and time-consuming investigations lead to security analyst fatigue. Meanwhile, today’s reality demands 24/7 coverage to investigate alerts, as threat actors tend to attack during non-business hours and holidays.

For this reason, managed detection and response is an attractive solution for security teams that lack the expertise — or team size — to maintain strong security during shoestring staffing periods. MDR can consist of services such as alert management, threat containment, incident response and proactive threat hunting.

Tip 3: Be extra careful with downloads, clicks, messages and emails

Since everyone is in a hurry to get work done, we may let our guard down when it comes to reading emails carefully. Remember, the majority of malware still gets into computers and systems due to human error. Even the most careful of us may accidentally open infected files or click on malicious links.

Social engineering attacks continue to generate good results for cyber criminals. So be wary of any and all communication, even if it appears that it comes from a trusted source. All employees should treat any unsolicited messages with the highest level of suspicion.

If a request sounds fishy, stop and examine the entire context carefully: Who is the message coming from? Is the email address or domain name valid? Look again. Slight misspellings and typosquatting attacks can escape detection if you are in a hurry to get out the door.

You can also do in-house phishing drills. This means sending out fake emails on purpose to test your teams and educate them. When they spot a suspicious email, praise them. If they take the bait, show them where they made a mistake.
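The "is the email address or domain name valid?" check described above is easy to get wrong by eye and easy to automate on the defender's side. The following is an added example, not code from the original post or from IBM: it classifies the sender domain in a From: header as trusted, lookalike or unknown by folding common confusables, decoding punycode, and comparing edit distance against an allowlist. The trusted domains, the confusable table, the distance threshold and the sample headers are all constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allowlist: the domains this organization treats as its own.
TRUSTED_DOMAINS = {"example.com", "example-payroll.com"}

# Cheap confusable folding for common ASCII lookalikes; multi-character
# pairs go first so "rn" is collapsed before the single-character rules run.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Fold a domain into a comparison form: decode punycode labels,
    apply Unicode NFKC, lowercase, strip trailing dots, fold confusables."""
    if "xn--" in domain:
        try:
            domain = domain.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed punycode: compare the raw label instead
    folded = unicodedata.normalize("NFKC", domain).lower().strip(".")
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return (verdict, domain) for a From: header value.

    verdict is "trusted" (exact trusted domain or a real subdomain of one),
    "lookalike" (confusable, embedded-name or edit-distance match against a
    trusted domain) or "unknown" (no relation to any trusted domain).
    """
    _, addr = parseaddr(from_header)  # the display name is attacker-chosen; ignore it
    if "@" not in addr:
        return ("unknown", "")
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")

    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)

    sk = skeleton(domain)
    for t in trusted:
        # trusted name reproduced with confusables, or buried inside a longer
        # attacker-owned name such as example.com.evil-login.net
        if skeleton(t) in sk:
            return ("lookalike", t)
    for t in trusted:
        if levenshtein(sk, skeleton(t)) <= max_distance:
            return ("lookalike", t)
    return ("unknown", domain)


def triage(headers):
    """Classify a batch of From: headers; returns [(header, verdict, domain)]."""
    return [(h, *classify_sender(h)) for h in headers]


# Constructed sample headers, not real mail.
SAMPLE_FROM_HEADERS = [
    "Alice Example <alice@example.com>",
    "HR Team <hr@mail.example.com>",
    "Finance <billing@examp1e.com>",
    "CEO <ceo@exarnple.com>",
    "IT Help <help@example.com.evil-login.net>",
    "Support <support@exampel.com>",
    "Payroll <payroll@ex\u0430mple.com>",  # Cyrillic small a (U+0430) in place of Latin a
    "Orders <orders@shop-deals.net>",
]

if __name__ == "__main__":
    for header, verdict, domain in triage(SAMPLE_FROM_HEADERS):
        print(f"{verdict:9} {domain:22} {header}")
```

Two caveats a practitioner would apply before using this in a mail gateway: an edit distance of 2 is generous for short trusted domains (a five-letter domain will match many unrelated names), so scale the threshold with length or require it only for longer domains; and the confusable table is deliberately tiny, so a production version should use the Unicode confusables data rather than four hand-picked pairs.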

Tip 4: Lock down privileged accounts

During the holidays and weekends, some security experts recommend locking down privileged accounts. It’s common for intruders to penetrate networks by escalating privileges to the admin level, where they can then deploy malware. High-level access is rarely required on holiday breaks or weekends.

As an option, security teams can create highly secured, emergency-only accounts in Active Directory. These accounts would only be used when other operational accounts are temporarily disabled or when operational accounts are inaccessible during a ransomware attack.

An even better strategy would be to adopt privileged access management (PAM). This is a strategic approach to controlling who has privileged access to the network, its infrastructure and its applications. Frequently, this involves using a single point of sign-on for users and a single point of management for admins.

Especially in hybrid cloud environments, a fully managed PAM program can provide guidance from strategy through steady-state management. PAM can also enable automation, analytics and optimization to secure your privileged users.
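To make the lockdown and emergency-only account idea concrete, here is an added example (not code from the original post or from IBM) of the two checks a team would want around a holiday freeze: a lockdown plan that refuses to proceed when no enabled break-glass account exists, and an alert rule over logon records that fires on any use of a break-glass account during the freeze (it exists only for a declared emergency) or any logon by an account that should have been disabled. The group names are the built-in Active Directory admin groups; the account list, freeze window and logon events are constructed, and the actual disable and re-enable steps are left to the directory's own tooling.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Built-in AD groups that grant domain-wide privilege (assumed starting list;
# an organization would add its own delegated-admin groups).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}


@dataclass(frozen=True)
class Account:
    name: str
    groups: frozenset
    break_glass: bool = False   # emergency-only account under the freeze policy
    enabled: bool = True


def plan_lockdown(accounts):
    """Split privileged accounts into those to disable for the freeze and the
    break-glass accounts to keep. Returns (to_disable, to_keep, issues); a
    non-empty issues list means the plan must not be executed as-is."""
    to_disable, to_keep, issues = [], [], []
    for acct in accounts:
        if not (acct.groups & PRIVILEGED_GROUPS):
            continue  # not privileged; the freeze does not touch it
        if acct.break_glass:
            if acct.enabled:
                to_keep.append(acct.name)
            else:
                issues.append(f"break-glass account {acct.name} is disabled")
        elif acct.enabled:
            to_disable.append(acct.name)
    if not to_keep:
        issues.append("no enabled break-glass account: do not disable operational admins")
    return sorted(to_disable), sorted(to_keep), issues


def flag_logons(events, to_disable, to_keep, freeze_start, freeze_end):
    """Return (account, reason) alerts for logons inside the freeze window that
    the policy says should not happen. Events are dicts with an ISO-8601
    'time' and an 'account' name (the shape of a successful-logon record)."""
    alerts = []
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        if not (freeze_start <= when <= freeze_end):
            continue
        if ev["account"] in to_keep:
            alerts.append((ev["account"], "break-glass account used during freeze"))
        elif ev["account"] in to_disable:
            alerts.append((ev["account"], "logon by account that should be disabled"))
    return alerts


# Constructed directory export for the example.
SAMPLE_ACCOUNTS = [
    Account("alice", frozenset({"Domain Admins"})),
    Account("bob", frozenset({"Domain Admins", "Schema Admins"})),
    Account("carol", frozenset({"Domain Users"})),
    Account("dave", frozenset({"Enterprise Admins"}), enabled=False),
    Account("bg-admin-1", frozenset({"Domain Admins"}), break_glass=True),
    Account("bg-admin-2", frozenset({"Domain Admins"}), break_glass=True, enabled=False),
]

# Constructed freeze window: last workday evening through the first morning back.
FREEZE_START = datetime(2023, 12, 22, 17, 0, tzinfo=timezone.utc)
FREEZE_END = datetime(2024, 1, 2, 8, 0, tzinfo=timezone.utc)

# Constructed successful-logon records, not real logs.
SAMPLE_EVENTS = [
    {"time": "2023-12-22T09:00:00+00:00", "account": "alice"},       # before the freeze
    {"time": "2023-12-25T03:14:00+00:00", "account": "bg-admin-1"},  # emergency account used
    {"time": "2023-12-27T22:41:00+00:00", "account": "bob"},         # should have been disabled
    {"time": "2023-12-28T10:00:00+00:00", "account": "carol"},       # ordinary user, ignored
]

if __name__ == "__main__":
    disable, keep, problems = plan_lockdown(SAMPLE_ACCOUNTS)
    print("disable:", disable, "keep:", keep, "issues:", problems)
    for account, reason in flag_logons(SAMPLE_EVENTS, disable, keep, FREEZE_START, FREEZE_END):
        print(f"ALERT {account}: {reason}")
```

Note that the disabled break-glass account is reported as an issue rather than silently skipped: an emergency-only account that cannot log on is worse than none, because the team believes it has a fallback. Likewise, a logon by an account on the disable list is a signal that the lockdown was not applied or was reversed, not merely a policy nit.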

Tip 5: Establish clear isolation tactics

Isolation stops attackers from making any further ingress on the network and from spreading malware to other systems or devices. Security teams should be prepared to disconnect a host, lock down a compromised account and block malicious domains. Scheduled and/or unscheduled drills help make sure all personnel and procedures will perform adequately in the event of a breach.

As networks achieve more complexity, isolation may be difficult to execute in a real-world cyber incident. For this reason, extended detection and response (XDR) has gained significant traction.

XDR essentially gathers all the core components required to detect and respond to threats in one place for easier analysis. This enables security teams to take action quickly without getting lost in multiple use cases, workflows and search languages. XDR also helps security analysts respond quickly without the need to create endless playbooks to cover every possible scenario.

XDR unifies insights from endpoint detection and response (EDR), network data and security analytics logs and events, as well as other solutions, such as cloud workload and data protection solutions. This provides a complete picture of potential threats. Meanwhile, automation is implemented for root cause analysis and recommended response, which is critical in order to respond quickly across a complex IT and security infrastructure.

Keep your organization safe this holiday season

If you were paying attention, you know many of these tips aren’t something you can deploy overnight. Establishing strong security is an ongoing campaign, and it will continue beyond the new year. As your strategy and tactics improve, your IT assets and resources will be safer during the holidays and beyond.
