Facing hard truths is the first step to beating cybercrime over the holidays

As companies start to gear down for the holidays, so begins the busiest time of year for cyber criminals. Networks and company systems are typically watched with less scrutiny by skeleton crews, making it a prime time for hackers to ramp up spam, phishing, ransomware, and malware attacks. Employees can also be distracted or in a rush to finish tasks as the business prepares to shut down, so they may let their guard down, miss signs of a cyber attack, practice poor cyber safety, or get duped through social engineering.

Ransomware and Phishing Love The Festive Season Too

A report in December 2021 showed that ransomware attacks increase by 30% on average across the world during the holiday season while attempted ransomware attacks grow by 70% in November and December[i]. Phishing attacks also increase dramatically, with statistics in 2021 showing an increase of 150%, as email communication around Black Friday deals and festive season offers flood inboxes[ii].

A vulnerability audit is the starting point for any business that has no view of its security posture.

Related reading: Digital brand hijacking gets real >>

The Real Gift of Vulnerability Assessments and Audits

Vulnerability assessments reveal how organisations’ people, networks, endpoints, and web applications could give attackers unintentional access to confidential company data based on how they have been designed and managed. 

For most businesses, a vulnerability audit is an eye-opener, especially for those that believe they’ve got their cyber security sorted. Companies often apply what they can afford to the areas of the infrastructure they believe to be most important, but this approach is costly and not always effective, especially when solutions are badly configured, left unmonitored or out of date.

Staying a Step Ahead: Find Out the Unknowns

One study revealed that 84% of companies have high-risk vulnerabilities on their external networks but that half of these could be removed simply by installing updates[iii].

“Unfortunately, a lot of businesses have no idea where or how they are vulnerable. As threats and threat actors are constantly evolving, vulnerabilities are always shifting, making it prudent for businesses to have cyber security health checks regularly, and before periods when cyber crime is known to increase,” Charl Ueckermann, Group CEO, AVeS Cyber Security.

Knowing where gaps and vulnerabilities lie is the only way of ensuring that cyber security is beefed up adequately to address them. Patchwork efforts to close security gaps reactively are hardly ever effective, according to Ueckermann.

Pave the Way for Success

Additionally, the cost of protecting systems and data against cyber threats can rocket when investments in security technologies aren’t planned and don’t consider the company’s specific risks. At the heart of keeping company networks safe and security costs as low as possible is choosing the right tools for the job, configuring them properly, and monitoring them.

More on the basics of data loss prevention: Get the nuts and bolts in place to stop data loss >>

“With advanced and diverse methods of attack, the overall security posture of network systems, endpoint systems, email users and web applications should be evaluated regularly. An email security scan is just not going to cut it, especially if the software is not updated or if there are loopholes elsewhere.

Conclusion

AVeS Cyber Security urges South African companies to get ahead of cyber criminals this festive season by getting cyber health checks done on their systems. The company is offering affordable Black Friday packages to help companies get equipped for a cyber-safe festive season. The packages are focused on equipping businesses to understand where their vulnerabilities are.

• • • Managed Cloud Backup for M365: Fully managed cloud backups of Microsoft 365 data with no infrastructure investment.
    • CIS-Based Assessment for Azure: Deep dive into Microsoft Azure environments’ security with a CIS[iv]-based assessment, documented findings with recommendations, and a remediation roadmap.
    • CIS-Based Assessment for M365: Application-driven assessment and findings of the Microsoft 365 tenant’s security configuration. It includes aligning the findings into priority groups and creating a CIS-based report.
    • Online 5-day Information Security Assessment based on ISO 27001: Comprehensive maturity assessment of information security, cyber security, and privacy based on an international information security standard.
    • Online 5-day POPI Act Assessment: Comprehensive assessment of the company’s related practices and activities in alignment with the requirements of POPIA[v].
    • Online 2-day I&T Governance and Management Masterclass based on COBIT 2019: Learn what your IT objectives and practices are, how to align them, and which activities the business requires from IT.
    • Online 2-day Information Security Masterclass based on ISO 27001: Learn about the international requirements and implementation guidelines for information security, cyber security, and privacy. Topics include tips to protecting three aspects of an organisation’s data: its confidentiality, integrity, and availability.

Also on our blog: From threat to risk: A case study on tackling data governance in Financial Services >>

References

[i] https://darktrace.com/newsroom/darktrace-reports-30-more-ransomware-attacks-targeting-organizations-during-the-holiday-period-e

[ii] https://www.akamai.com/blog/security/phishing-holiday-season-attacks-on-the-rise

[iii] https://www.ptsecurity.com/ww-en/analytics/vulnerabilities-corporate-networks-2020/

[iv] Center for Internet Security

[v] South Africa’s Protection of Personal Information Act 4 of 2013.