Between holiday parties, family celebrations and last-minute trips to pick up presents at the mall, the last days of the year are also some of the liveliest. For most people, it’s a time to take off from work, reconnect with loved ones and enjoy the season’s sparkle. But while many of your employees are planning their vacation time, ruthless cybercriminals are plotting to take advantage of their absence.
The holiday season is the busiest time of the year for retailers and e-commerce merchants, with as much as 20% of total annual retail sales taking place in the weeks between Black Friday and Christmas. But it’s also peak season for payment card fraud, with data showing that the number of stolen credit card numbers for sale on the Dark Web is 20% typically higher in the period from November to January than it is over the next three months. Meanwhile, volumes of phishing and credential harvesting attempts targeting holiday shoppers typically climb as well.
’Tis the Season…
In many ways, the holiday season represents the perfect storm for cybercriminal activities: on the one hand, many organizations’ defenses are down because large numbers of employees take time off for the holidays. On the other, threat actors are especially active because increased transaction volumes (and busy, distracted shoppers) offer a golden opportunity that would-be fraudsters are eager to take advantage of.
Cybercriminals are opportunistic. They know they can hide phishing attacks amidst the huge volumes of unsolicited promotional emails that people receive around the holidays. They’re aware that retailers stand to lose significant amounts of revenue if their websites are down on Black Friday (hence ransomware attack volumes increase by as much as 30% during this period). And the understand that corporate decision-makers are under stress at this time of year – and, thus, more likely to make mistakes.
Maintaining a high-performing security operations program in-house is challenging at any time of the year. Finding enough qualified professionals to staff your program is far from easy, with between 700,000 and one million cybersecurity positions currently unfilled within the US. And finding specialists in areas like incident response, content engineering or building integrations among different vendors’ cybersecurity solutions is more difficult still.
During the busy season around the holidays, these challenges increase exponentially. Organizations that were already struggling to find enough skilled staff to monitor their environment and respond to alerts throughout the rest of the year may find that holiday-related disruptions make it nearly impossible. And calling in employees to work overnight shifts is bad for employee morale at any time, but doubly so on Christmas.
But cybercriminals don’t take evenings and weekends off. If anything, they ramp up their activities around the holidays, making it especially important to maintain round-the-clock coverage then.
Leaning on an expert partner that can provide ongoing security monitoring (as well as threat hunting, incident response and other key capabilities) is especially important when threat volumes are up. Relatively few organizations have the budget, internal resources and maturity to be able to staff in-house security operations programs so that they have enough coverage for the days when people are off. Those that don’t still need to find someone to watch over their networks, valuable data and IT resources, or they’ll face significant business risks.
Here are a few of the things you should look for in a managed security service provider (MSSP) to protect your organization’s technology assets over the holidays – and throughout the year.
Here at Netrix Global, we’re proud to be able to provide all of these things and more. We bring 500-level expertise to every managed security service engagement we undertake, with ongoing access to all the resources you’d ever need to fill in staffing gaps – no matter when they might arise.
To learn more about our services, visit us at netrixglobal.com.