What do you think all of these companies have in common?
- Saturday, May 8, 2021 - Colonial Pipeline
- Friday, May 27, 2021 - meat processing giant JBS
- Friday, July 2, 2021 - IT management software company Kaseya
There aren’t many commonalities except…they were ALL infected with ransomware over a holiday weekend. It is well understood that cybercriminals attack targets strategically, but what makes holiday weekends so appetizing to them?
The appeal is simple. A cyberattack involves infiltrating a network, infecting defenses with malware, escalating privileges, and taking complete control of the network. This takes time, and the more time attackers have, the more damage they inflict. Brett Callow, a threat analyst with the antivirus company Emsisoft, says, “Generally speaking, the threat actors deploy their ransomware when there is less likelihood of people being around to start pulling plugs. The less chance of the attack being detected and interrupted.”
In 2020, the FBI’s Internet Crime Complaint Center received 2,734 ransomware incident reports from cyberattack victims. This was a shocking 20 percent increase over the previous year.
An increase that high is significant, so it is worth understanding what factors contribute to holiday weekend cyberattacks.
Here are the top two reasons that were found:
- Lack of resources and manpower protecting data.
According to Katie Nickels, director of intelligence at security firm Red Canary, “Intuitively, it makes sense that defenders may be less attentive during holidays, in large part because of decrease in staff.”
A leaner staff focuses more on essential daily operational tasks and less on proactively searching for suspicious network activity.
- It is difficult to get in touch with key decision makers.
Employees, managers, and senior management are often focused on quality time with their families over the holidays. Company voicemails, text messages, and emails are just not on their priority list.
Katie Nickels adds, “If a major incident occurs during a holiday, it may be more difficult for defenders to bring in necessary personnel to respond quickly.”
This makes it difficult to approve overtime, and to bring in the proper technician to handle an emergency. If the decision makers cannot be reached, no immediate action may be taken.
It is also very difficult to call in personnel for an emergency on a holiday. Technicians have lives too, and may be out of travel distance for the weekend.
You can have the proper cybersecurity precautions in place before a holiday weekend. It just takes proactive planning, weeks in advance.
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have provided the following best practices to protect your data well in advance of a holiday weekend:
- Don’t click on suspicious links.
- Make an offline backup of your data.
- Use strong passwords.
- Make sure your software is up to date.
- Use two-factor authentication.
- If you use Remote Desktop Protocol (a Microsoft product that has historically proven a popular entry point for attackers), proceed with caution.
- Keep a few extra tech staff on call over the weekend.