It may seem a little early to be thinking about the festive season. But ransomware rose 15 percent in Australia this past year, and cybercriminals are increasingly keen on exploiting national holidays to launch attacks in hopes of finding security teams distracted and ill-prepared.
For many organizations, late December and January are the most vulnerable months of the year. But it doesn’t all have to be coal in stockings.
Fortunately, there’s an opportunity to spread a little seasonal joy this year by helping organizations quickly strengthen their defenses for the holiday season.
Why Christmas Is Cybercrime Season
Ransomware is top-of-mind for any chief security officer these days. According to the Australian Cyber Security Centre (ACSC), the average loss per incident grew 1.5 times over the previous financial year to reach more than $37,000. In many cases, these costs are much higher. It’s not just the direct cost of incidents that focuses the attention of Asia-Pacific organizations: insurance premiums are rocketing across the globe, and in many cases, best practice security measures are now a prerequisite for coverage.
Cybercriminals are increasingly looking to capitalize on understaffed IT departments during the holiday seasons. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned recently that the Kaseya, JBS USA and Colonial Pipeline attacks all came during holiday weekends in the United States, for example.
However, ransomware is not the only threat facing organizations in the region. Theft of customer data and sensitive intellectual property is an ever-present risk in some of the busiest and most vulnerable verticals at this time of year — including retail, banking, telecoms and legal. In retail and banking especially, this stolen customer data helps to fuel rampant fraud and account hijacking attempts. Many businesses emerging from lockdowns may be especially vulnerable to attacks.
Among the challenges they face in defending against attacks over December and January are:
- Staffing: Most businesses will close during the holidays, leaving only a small IT team on call if a major incident strikes. This can delay response times, and better containment is essential to buy more time.
- Unsupervised networks: This means more potential vulnerabilities and opportunities for threat actors to compromise vital corporate assets.
- Production freezes: In many retail and other organisations, there’s no opportunity to make infrastructure and security control changes in response to emerging threats.
Let the Gift-Giving Commence
While it’s inevitable that there will be breaches over the coming holiday period, organisations can limit the impact of these with the help of Illumio’s Zero Trust segmentation capabilities. We automatically map communications and dependencies across all your workloads, data centers and public clouds.
With this intelligence, we can pinpoint the applications and systems most at risk and take action to block risky pathways and ports used for lateral movement. That’s the way to dramatically limit your corporate risk exposure.
To recap, here are three seasonal “gifts” Illumio offers to digital security teams:
1) Give your boss the gift of risk reduction
- Improve your digital defenses and limit your breach exposure by pinpointing the applications and systems running in your infrastructure that are most at risk.
- Protect against malware and other cyberattacks both proactively and during an incident by blocking unsafe network communications.
- In so doing, contain ransomware incidents before they become holiday headline events.
- Highlight how you have measurably reduced the opportunity for malicious actors to reach and compromise critical assets.
2) Give the hackers a lump of coal via strong Zero Trust segmentation
- Lock down the pathways that are commonly exploited by ransomware, such as NetBIOS, SMB, RDP and WinRM.
- Shut down routes to deprecated services that still live in your environment or legacy unpatched systems that open a door into your network.
- Zero Trust segmentation like Illumio’s eliminates a significant percentage of high-risk connection paths. Focus on highly connected ports, peer-to-peer and administrative access ports, and limit endpoint access to cloud and data center assets to mitigate risk further.
3) Give your security operations (SecOps) team the gift that keeps on giving
- Effective containment of threats is a major improvement in incident response, providing more time for SecOps to act.
- Gain more intelligence to neutralize threats. Any communication that violates security policy immediately triggers alarms and events to expose the attempt.
- Be prepared with pre-built policies so that you can safely activate emergency protection in case of a breach.
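To make the second and third gifts concrete, here is an added example (not Illumio's code or product output) that checks flow records against an allowlist for the NetBIOS, SMB, RDP and WinRM pathways and ranks the most-exposed destinations. The flow record format, IP ranges and allowlist are constructed assumptions for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Standard ports for the protocols the article names.
RISKY = {("udp", 137): "NetBIOS", ("udp", 138): "NetBIOS", ("tcp", 139): "NetBIOS",
         ("tcp", 445): "SMB", ("tcp", 3389): "RDP", ("udp", 3389): "RDP",
         ("tcp", 5985): "WinRM", ("tcp", 5986): "WinRM"}

# Assumed policy (hypothetical ranges): sources permitted to use each service.
ALLOWED = {"RDP": [ip_network("10.0.9.0/28")],      # admin jump hosts
           "WinRM": [ip_network("10.0.9.0/28")],
           "SMB": [ip_network("10.0.5.10/32")]}     # backup server
# NetBIOS has no entry, so every NetBIOS flow is a violation.

# Constructed flow records: src dst proto dport
SAMPLE_FLOWS = """
10.0.1.21 10.0.2.5  tcp 445
10.0.1.22 10.0.2.5  tcp 445
10.0.1.21 10.0.1.22 tcp 3389
10.0.9.4  10.0.2.5  tcp 3389
10.0.5.10 10.0.2.5  tcp 445
10.0.1.21 10.0.3.7  tcp 443
10.0.1.23 10.0.2.5  tcp 5985
10.0.1.21 10.0.2.5  udp 137
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport) from whitespace-separated records."""
    for line in text.strip().splitlines():
        src, dst, proto, dport = line.split()
        yield ip_address(src), ip_address(dst), proto.lower(), int(dport)

def find_violations(flows, allowed=ALLOWED):
    """Return risky-service flows whose source is not on the allowlist."""
    hits = []
    for src, dst, proto, dport in flows:
        service = RISKY.get((proto, dport))
        if service is None:
            continue  # not one of the lateral-movement pathways
        if any(src in net for net in allowed.get(service, [])):
            continue  # explicitly permitted source
        hits.append((str(src), str(dst), service, dport))
    return hits

def most_exposed(hits):
    """Rank destinations by count of distinct unauthorised sources."""
    pairs = {(src, dst) for src, dst, _, _ in hits}
    return Counter(dst for _, dst in pairs).most_common()

if __name__ == "__main__":
    hits = find_violations(parse_flows(SAMPLE_FLOWS))
    for hit in hits:
        print("VIOLATION", *hit)
    print(most_exposed(hits))
```

Destinations at the top of the ranking are the ones where a default-deny rule on these ports removes the most connection paths.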
Threat actors will be primed and ready this holiday season. Make sure you are, too, with a security strategy to stop them in their tracks.