Raindrops on roses and whiskers on kittens,
Bright copper kettles and warm woollen mittens,
Hackers are hacking your networks at night,
Filling your season with plenty of fright.
Don't worry, I am not going to bless you with an entire poem based on the Sound of Music classic, My Favorite Things – a popular Christmas song for reasons that I can't seem to figure out. My musical inspiration comes from the holiday controversy that goes underreported—cybercrime.
Hackers take advantage of the holidays
Real versus fake plastic trees. Black Friday versus Boxing Day. Pro or against allowing Baby it's cold outside on the radio. These are the stories that make headlines every single year. Every year they are based on personal interviews or the "Twittersphere" blowing up. They are as consistent as snow in December in this part of the world. There is one other headline that we also see every year, but unlike those opinion-based stories this one is based on data that is as cold and hard as the icicles forming on your eaves.
I'm not trying to put a lump of coal in your stocking, but while office parties and spiked eggnog are in full swing, hackers are taking advantage of their opportunity (aside: don't you just love all the metaphors - but hey, it is the holidays).
A study by Carbon Black found that global organizations encountered a 57.5 per cent increase in attempted cyberattacks during the holiday shopping season. Inevitably, we will see an influx of holiday hacking headlines this year as cyber-criminals take advantage of the festive season to play the Grinch who stole Christmas.
What exactly makes the holidays a fruitcakeful time for hackers?
The data shows that hacking activity goes up over all holiday periods because cyber-criminals and nuisance hackers know that IT departments are short-staffed, companies are busy closing out their fiscal years, and users are receiving all kinds of inbound emails that aren't part of a typical week. This higher risk profile is made worse because it is very difficult to communicate and make decisions in the event of a cyber-crisis because you are missing key stakeholders to a drunken New Year's Eve party. Lack of velocity is often the enemy of success in responding to a new cyber-threat.
This nefarious activity generally begins around American Thanksgiving and calms down once all employees are happily back in the office beavering away to achieve new year's resolutions and the 2019 corporate objectives. Cybersecurity managers or those IT people who need think about security (i.e. all of them) should strongly consider reminding employees to remain vigilant over the holidays. Perhaps it's a good time to send out a phishing test or two and publicize the results to all the staff. Take more time to carefully monitor your logs and activity to look for changes and consider that this is a good time to add additional layers to your cybersecurity stance.
Turn on the fireplace channel and try out a DNS firewall
CIRA has an early Christmas present to help anyone who wants to layer-in additional security. Adding a DNS firewall is as easy as changing the DNS settings on your router or gateway and it instantly protects all of your network by stopping users from clicking on malware or phishing sites. A DNS firewall also strengthens your defences by blocking the command and control for many forms of malware. Moreover, because CIRA's service has a unique view of the threat landscape our blocking feed complements your other forms of end-point protection to help stop what they may be missing.
So, this holiday season, before you put that extra shot in your eggnog, grab your free trial of CIRA's D-Zone DNS Firewall and dream of sugar plum fairies rather than holiday hackers. Our trial service is full featured with no restrictions, no maximum user count, and is simple to implement.
It's like a warm, plaid blanket of comfort and joy for IT managers all across Canada.