For some, it's never too early, and for others, we’ve only just reached November! But for hackers it’s harvest time – the holiday season.
Regardless of how far out you approach the holidays, it’s been clear with recent activity and public disclosures in Australia – and from the continued rise in attacks across APAC in the last year, especially during Lunar New Year – that cybercriminals will continue to exploit holiday periods and launch attacks in hopes of finding security teams distracted and ill-prepared.
For many organizations, December and January are the most vulnerable months of the year. If Optus, Medibank, Energy Australia, and MyDeal are precursors, then understandably there is constant concern over what’s next and a need for more than detection and response after the fact.
But it doesn’t all have to be coal in stockings. Fortunately, there’s an opportunity to spread a little seasonal joy this year by helping organizations quickly improve their defenses for the holiday season – and an assume-breach mindset will set you up to avoid unwanted gifts.
Why is it cybercrime season?
Ransomware is top-of-mind for any chief security officer these days. According to the Australian Cyber Security Centre (ACSC), the average loss per incident grew 1.5 times over the previous financial year to reach more than $37,000.
In many cases, these costs are much higher.
It’s not just the direct cost of incidents that focuses the attention of Asia-Pacific organizations. Insurance premiums are rocketing across the globe, and in many cases, best practice security measures are now a prerequisite for coverage.
Cybercriminals are increasingly looking to capitalize on understaffed IT departments during the holiday seasons. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned, for example, that cyberattacks like those on Kaseya, JBS USA, and Colonial Pipeline all happened during holiday weekends in the United States.
However, ransomware is not the only threat facing organizations in the region. Theft of customer data and sensitive intellectual property is an ever-present risk in some of the busiest and most vulnerable verticals at this time of year — including retail, banking, telecoms and legal.
In retail and banking especially, this stolen customer data helps to fuel rampant fraud and account hijacking attempts. Many businesses emerging from lockdowns may be especially vulnerable to attacks.
Among the challenges they face in defending against attacks over December and January are:
- Staffing: Most businesses will close during the holidays, leaving only a small IT team on call if a major incident strikes. Those who do continue to work will likely do so remotely, alongside other devices at home and on public networks. This can delay response times, expand the attack surface, and increase the opportunity for damage, so better containment is essential to buy more time.
- Unsupervised networks: Networks left unsupervised mean more potential vulnerabilities and opportunities for threat actors to compromise vital corporate assets.
- Production freezes: In many retail and other organizations, there’s no opportunity to make infrastructure and security control changes in response to emerging threats.
- Proposed fines: Increased penalties for serious or repeated data privacy breaches. Proposed updates in Australia's Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 include penalties of AU$50 million, three times the value of any benefit obtained through the misuse of information, or 30% of the company's adjusted turnover in the relevant period, whichever is greater.
Let the gift-giving commence
While it’s inevitable that there will be breaches over the coming holiday period, organizations can limit the impact of these with the help of Illumio’s Zero Trust Segmentation capabilities.
Illumio automatically maps application communications and dependencies across all your workloads: data centers, public clouds, and endpoints.
With this intelligence, you can pinpoint the applications and systems most at risk and take action to block risky pathways and ports used by breaches to spread throughout your network. That’s the way to dramatically limit your corporate risk exposure.
To recap, here are three seasonal “gifts” Illumio offers to digital security teams:
1) Give your boss the gift of risk reduction.
- Improve your digital defenses and limit your breach exposure by pinpointing the applications and systems running in your infrastructure that are most at risk.
- Protect against malware and other cyberattacks both proactively and during an incident by blocking unsafe network communications. In so doing, contain ransomware incidents before they become holiday headline events.
- Highlight how you have measurably reduced the opportunity for malicious actors to reach and compromise critical assets.
2) Give the hackers a lump of coal via strong Zero Trust Segmentation.
- Lock down the pathways that are commonly exploited by ransomware, like NetBIOS, SMB, RDP, and WinRM.
- Shut down routes to deprecated services that still live in your environment, or to legacy, unpatched systems that open a door into your network.
- Illumio’s Zero Trust Segmentation eliminates a significant percentage of high-risk connection paths. Focus on highly connected ports, peer-to-peer and administrative access ports, and limit endpoint access to cloud and data center assets to mitigate risk further.
3) Give your security operations (SecOps) team the gift that keeps on giving.
- Effective containment of threats is a major improvement in incident response, providing more time for SecOps to act.
- Gain more intelligence to neutralize threats. Any communication that violates security policy immediately triggers alarms and events to expose the attempt.
- Be prepared with pre-built policies so that you can safely activate emergency protection in case of a breach.
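The port lockdown and policy-violation alerting described in the lists above, sketched as an added example; it is not Illumio's product, API, or code from this article. The segment ranges, allow rules, and flow records are constructed for illustration; the port numbers are the standard ones for NetBIOS, SMB, RDP, and WinRM.

```python
import ipaddress

# Standard ports for the protocols the article names.
RISKY_PORTS = {137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS",
               445: "SMB", 3389: "RDP", 5985: "WinRM", 5986: "WinRM"}

# Hypothetical segments (constructed for this example).
SEGMENTS = {
    "endpoints": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "admin-jump": ipaddress.ip_network("10.30.0.0/28"),
}
# Hypothetical allow rules: (source segment, destination segment, service).
ALLOW = {
    ("endpoints", "servers", "SMB"),     # file shares
    ("admin-jump", "servers", "RDP"),    # administration only via jump hosts
    ("admin-jump", "servers", "WinRM"),
}

def segment_of(ip):
    """Map an IP address to its segment name, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def violations(flows):
    """Return flows on the risky ports that no allow rule covers."""
    out = []
    for src, dst, port in flows:
        service = RISKY_PORTS.get(port)
        if service is None:
            continue  # not one of the ports examined here
        rule = (segment_of(src), segment_of(dst), service)
        if rule not in ALLOW:
            out.append((src, dst, port, service, rule[0], rule[1]))
    return out

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.20.1.5", 445),    # endpoint -> file server, allowed
    ("10.10.4.21", "10.10.7.88", 445),   # endpoint -> endpoint SMB (peer-to-peer)
    ("10.30.0.3", "10.20.1.9", 3389),    # jump host -> server RDP, allowed
    ("10.10.9.2", "10.20.1.9", 5985),    # endpoint -> server WinRM, no rule
    ("10.10.9.2", "10.20.1.9", 443),     # HTTPS, out of scope here
    ("192.0.2.44", "10.20.1.5", 3389),   # unknown source -> server RDP
]

if __name__ == "__main__":
    for v in violations(SAMPLE_FLOWS):
        print("VIOLATION %s -> %s port %d (%s) [%s -> %s]" % v)
```

Running the same check over real flow logs before a production freeze shows which of these paths are in use, so deny rules can be staged without breaking legitimate traffic.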
Threat actors will be primed and ready this holiday season. Make sure you are, too, with a security strategy to stop them in their tracks.