As if security teams weren’t sweating enough, a wave of new cyber risks is emerging as workers take off for their summer holidays.
With more people working outside the office, personal devices and public Wi-Fi will be used to access sensitive corporate data. Hackuity get it it can be tough to resist jumping on that free Starbucks Wi-Fi after a second shot of espresso. Users are not the only ones.
Unsecured actions
Employees almost universally take security shortcuts, and Gartner has the data to prove it.
According to the analyst firm, more than 90 percent of employees who admitted to taking unsecured actions knew they were increasing risk to the organisation, shrugged, and did it regardless. Just as frighteningly, by 2027, 75 percent of employees will acquire, modify, or create tech outside IT’s visibility.
Increased cyber attacks
FBI and CISA warned of 'an increase in highly impactful ransomware attacks occurring on holidays and weekends'
Hackuity can already see attackers rubbing their giddy palms together. These systemic habits, paired with the increased likelihood of succumbing to them while flicking through corporate emails on a Caribbean beach, make for perfect attack conditions.
Organisations are at their most vulnerable, and bad actors know it. Just in 2022, the FBI and CISA warned of 'an increase in highly impactful ransomware attacks occurring on holidays and weekends – when offices are normally closed.'
While the full holiday season is not yet underway, recently, it is already seen the ongoing impact of the MOVEit vulnerability and data extortion claiming a domino chain of victims caught up in the widespread exploitation.
Top 3 recommendations
All right, that’s enough sweat-inducing context. Here are Hackuity’s top 3 recommendations to stay safe this summer:
- Automation: Ensure there is appropriate, ‘always-on’ threat detection software in place. With extra pressure on teams over the summer, this helps speed up the process of identifying and responding to threats even with less warm bodies in the office.
- Visibility: Security teams need clear, global (and nuanced) visibility of vulnerabilities across the attack surface that could threaten assets and data.
- Context: With a reduced headcount, context is key on what threats matter to a business, so users can focus more limited resources on the highest risks.
Practical cyber measures
As the weather heats up, and thoughts turn to a well-earned break from work, there is even greater pressure on security"
Sylvain Cortes, VP of Strategy at Hackuity, is urging organisations to take practical measures to ensure they are fully prepared to manage cyber threats during the holiday season, “As the weather heats up, and thoughts turn to a well-earned break from work, there is even greater pressure on security teams."
He adds, "Experience tells us this is exactly the environment that attackers can more easily exploit, so teams need to take particular care not to get burned by cyber incidents. Your cyber ‘SPF’ needs to be at its max."
Detect and prioritise threats
Sylvain Cortes continues, "It’s not possible to deal with every risk, this is about prioritising and mitigating those that could hit your organisation hardest. High on the list should be a clear view of every asset that could be exposed to cyber threats, inside and out."
He concludes, "Organisations must consider how changes in user behaviour can expand their attack surface. From mobile devices to public clouds, and all internal systems, ensure the right tools and processes are in place to detect and prioritise threats."