CyberNews

Cybersecurity: Preparing your company for vacation

Taking a break from the office? Lucky you… but cybercriminals don’t! Cybercrime continues to escalate. During the summer, companies need to be extra vigilant. It’s obvious that hackers will also take advantage of the vacations.

Phishing and malware attacks are more likely to be encountered during the summer months. Most organizations don’t fully appreciate the risk, yet the threat lurks.

Here’s a quick reminder of the risks and best practices.

In summer, offices go empty, leaving the door open to cyberattackers

Summer threats are a reality

The work organization involved

The cybercriminal knows that the usual staff is going on vacation and is sometimes replaced by temporary staff. Therefore, he knows that he will be able to use simpler techniques to carry out his plan. He will thus redouble his efforts to carry out social engineering campaigns to get a maximum of useful information for his future attacks.

The cybercriminal will also bet on the incident response time which should increase during this period, putting the company at risk.

Phishing campaigns, BEC (Business E-mail Compromission) attacks … all the arsenal will be used to gain access to the organizations’ systems. As security teams are often understaffed during this period, the attacker knows that vigilance will be reduced. However, as cybersecurity experts know, reaction time is crucial in the event of an attack.

Wifi & Cloud connections

Mobile working is becoming increasingly common for staff and in the summer especially. Indeed, summer is a time of remote access combined with the use of public Wi-Fi. The evil combo!

The scenario is simple and seems innocuous: We are away from work for long periods of time and some of us feel the need to check our emails, and here we are looking for a connection in the airport, at the restaurant…

And that’s how we connect to an unsecured Wi-Fi network, putting the company at risk.

Mobile usage

  • Employees on vacation are perfect targets for cybercriminals who know that they will use their personal cell phones more often. However, their personal mobile phone does not have the same protections as your company’s.
  • We know, and so does the attacker, that you have taken some nice vacation photos. Nevertheless, it is best to avoid connecting your brand-new camera to your work computer to upload your photos.
  • Also think about a privacy filter if you use your work computer. Who hasn’t seen his neighbor in the train doing his company’s balance sheet in front of your eyes?
  • Remember to lock your screen if you are away. The best thing is… not to go away. A malicious USB key connected to your computer can happen so quickly. Keep your devices safe and out of reach.
  • Also beware of free USB charging stations in public places, malware may have been introduced there.

What are the risks in summer?

Summer can be cruel for some businesses.

30% of companies have seen a particular spike in attacks during vacation, weekend, and vacation periods. 

The most common cybercrimes are ransomware (20%) and other identity theft (43%), including fake president fraud (42%) and fake customer fraud (35%).

Observed tactics include:

  • Phishing remains an effective attack vector for cybercriminals. They use the victims’ lack of vigilance to achieve their goals. They will try to catch employees off guard, by deceiving them with fake e-mails when they are not paying full attention. The more relaxed employee will let his guard down and will…click.
  • Spoofing is one of the methods chosen by the criminal. It is an attack by which a person pretends to be someone else by falsifying his data.

    Slamming is a variant of phishing that consists in recovering domain names in order to increase their management fees.

  • Ransomware explodes during this period. We may see even more double, triple and even quadruple extortion attacks this summer.
  • Data breaches. There is a significant increase in social engineering email attacks to steal sensitive data.

We must remain vigilant, especially in companies operating in the tourism, transportation, online booking sectors…

Stay alert if you receive travel offers and notifications from airlines. Make sure the site is legitimate.

Beware of ads that are usually too good to be true and become popular during the summer period.

What solutions to face it?

Companies need to increase your ability to anticipate reducing the risk of cyberattack.

Here are our six tips for organizations:

  • Ensure that the business continuity plan is ready and known by all teams.
  • Ensure that there are enough qualified staff who are aware of the cyber risks during the period.
  • Guarantee an optimal level of detection by using technologies capable of replacing the human. TEHTRIS offers through its XDR Platform the best unified technological response on the European market. Business managers, small or large, need to ensure that they are equipped with technologies capable of identifying and responding quickly to the slightest sign of an attack. What could be faster than real time? 🙂
  • Protecting is always important, and even more so during the vacations. Companies must apply the zero trust method, patch management, a permanent watch on vulnerabilities and closely monitor their potential enemies to know their behavior, their TTP (technical tactics and procedures).
  • Automate as much as possible the level of response in case of behavioral deviance or incident. This is what TEHTRIS’s CYBERIA artificial intelligence, allows, thanks to its hyper-automation capabilities for many controls.
  • Be ready in case of crisis

Resilience comes through preparedness. You must be ready in case of a cyber crisis. It is imperative to prepare all the questions and have the answers:

  • Are automatic procedures in place? This question must be asked before the crisis even begins. TEHTRIS technologies provide detailed information for each alert. AI makes it easy to prioritize alerts and visualize the urgency level of threats.
  • The company must digitize and automate the procedures to be triggered upstream, define the crisis plan with the right tempo for each action, and anticipate the communication.
  • What happens as soon as an attack is detected? Is a process established?
  • Are the different actors of the company well defined? How should they act? Each role must be clear. A responsibility matrix must be developed, and a crisis manager must be appointed.
  • What are the alert systems that need to be mobilized, what is the timeframe envisaged? A crisis “kit” must be ready, and the teams must be made aware of it. The speed of response is a major factor. It is an essential element in managing a crisis and reassuring internal teams.
  • Is the communication ready? It must cover both internal and external aspects.

[1] Euler Hermes et la DFCG. 2020