Happy Holidays! At least we’re all hoping they are going to be happy. With cybercrime and cyber terrorism on the rise, we’ll be lucky if we don’t get coal in our cyber stockings this year — especially if they already have cyber holes in them.
In a survey of IT security and business professionals conducted by Dimensional Research, when asked, “Are you concerned that your company may be more vulnerable to attack during major holidays such as Christmas and New Year’s?” 61 percent of security professionals said yes. Frankly, I’m surprised the number was so low.
A survey of hackers at last year’s DEFCON revealed that 81% of them admitted they are far more active during the winter holidays than at any other time of year. Christmas (56%) and New Year’s Eve (25%) were cited as the two busiest nights for those who pose cyber security threats. The study noted that vacations during other times of the year tend to be staggered, which ensures that someone is on duty to oversee cyber security risks. The Christmas and New Year’s holidays, however, leave companies far more shorthanded and therefore more vulnerable to cyber security risks.
According to John Kindervag, an analyst at Forrester Research, companies run an even higher risk of cyber-attacks around, and coming off, the holidays. This susceptibility is because they not only reduce staffing during this period, but they also avoid updating code for their websites and mobile applications. He adds that many companies fear their systems will break during peak traffic times while all their programmers are on vacation.
During major holidays, there are more malware and malicious email-based attacks, according to an article in PCMag.com. Cybercriminals like to craft phishing and spam campaigns that are specific to the holiday to increase the likelihood of the recipient falling for the scam. It’s one reason why employees should be reminded this month to be extra vigilant about suspicious emails and phishing.
As for you, here are five IT security gifts you might consider giving yourself this month:
- Reassess Your Password Management System: 70 to 80 percent of all network damage is performed by a hacker who stole, or worse, guessed the password. When users select passwords they can easily remember, such as names of spouses or children and other easily discovered names and numbers, hackers can quickly crack them with readily available brute-force password cracking tools. Unfortunately, when users choose more difficult, easily forgotten passwords, help desk password reset requests increase considerably. Installing an enterprise password management system gives users the freedom of choosing their own passwords while allowing administrators to set thresholds for password strength, policy and IT security measures. Better ones can also be used to filter out more than 1 million different words in multiple languages that are commonly used and guessed as passwords.
- Automate Your Access Certification Software: minimize cyber security risks and access certification and governance issues by using automation and rules engines to validate access.
- Calculate Your Metrics Reporting Software: use automatically generated reports to detect governance, orphan risks and compliance trends around risk-related items and operational metrics such as cyber security vulnerabilities, patching, financial or any other customizable category you desire — a valuable tool for gaining support from executive management.
- Automate Group Management: link group membership to an authoritative source, like a human resources information system, for optimum and immediate compliance management. Ensure only the appropriate people are members of sensitive groups. Automation guarantees group members receive swift, appropriate access to applications or email distribution lists based on their job titles, departments or locations.
- Take A Look At Identity Intelligence Software: it should make all administrative actions visible, while conducting a real-time capture of all activities across an enterprise and presenting a way to reduce user provisioning and identity and access management cyber security risks.
It’s been said there are two types of businesses in the world — those that have experienced a cyber-attack, and those that will. That’s a pretty sobering and cynical thought, but forewarned is forearmed. This is the time of year to hope that the holidays are merry, but prepare for what just might be less than a Happy New Year.
Begin your identity and access management initiative by following expert recommendations for business process workflow automation, self-service administration and IT security.