Seasoned security leaders know that attackers are patient.
Attackers can infiltrate corporate chat systems like Slack or Microsoft Teams and simply … watch. For months, they monitor conversations, learn who the senior staff are, and take notes on upcoming vacation plans and each team member’s communication style. Then, when the company shifts to a skeleton crew — perhaps during a major holiday or summer break — they strike.
For one team, this silent reconnaissance had devastating results, says Ed Skoudis, president of the SANS Institute and founder of Counter Hack. An attacker posed as a trusted colleague in a chat channel and tricked a junior employee into making critical configuration changes while many team members were on vacation. The employee, isolated and eager to help, had no reason to doubt someone who was inside the company’s trusted environment. The attacker’s patience, timing, and social engineering created a perfect storm — one that underscores the need for verification, vigilance, and better operational safeguards during periods of reduced staffing.
Whether it’s the slow week between Christmas and New Year’s Day in Western countries, the European summer break in August, or other periods during the year when large numbers of employees go on vacation, organizations with a global footprint must maintain cybersecurity continuity during regional slowdowns. Holidays like Lunar New Year in Asia and the Eid feast days in the Middle East often mean fewer staff overseeing critical operations. When part of the workforce scales down, attackers ramp up.
“This is a very hard problem,” says Skoudis, noting that fewer people at the helm leaves organizations vulnerable to attack. Security leaders face the challenge of defending their environments when half the security team is offline.
Why Cybercriminals Like Holidays
With remote workforces, companies have fewer touchpoints with employees. Add holidays to the mix, and security teams face a slew of potential risks during these times.
“Attackers go on crime sprees during the holidays,” Skoudis says. “They know organizations are downscaling operations. Combine that with staff who may be junior, unfamiliar with procedures, or isolated, and you have an ideal time for attackers to strike.”
Beyond direct threats, these slow periods also exacerbate operational gaps. Patching schedules, configuration monitoring, and incident response times can lag.
It’s not just defense, says Chris Niggel, a regional CSO at Okta. It’s about making sure operations continue to run smoothly when teams are short-staffed.
“The biggest challenge is making sure that your teams can maintain the service-level agreements and are able to react to threats quickly, even when the teams are smaller,” Niggel says.
For example, the critical vulnerability in Log4j was discovered toward the end of December 2021, a time when many organizations were operating with minimal staff. Addressing the flaw required fast and immediate action, and many businesses struggled to respond quickly enough. Attackers, well aware of the delays in response, seized the window of opportunity to exploit unpatched systems.
“Teams were already thin, but still had to react,” Niggel says. “That’s where having solid communication plans and fallback strategies is critical.”
Niggel also notes that organizations that fared better during Log4j had prepared for such scenarios by implementing automated monitoring tools, preemptive patching plans, and clear escalation paths for when key personnel were unavailable. These measures ensured that vulnerabilities could be prioritized and addressed, even with a reduced workforce.
Preparation Is Key to Bridging the Gaps
By identifying risks, training employees, leveraging technology, and strategically distributing workloads, companies can create a safety net that protects both systems and operations. The key is not waiting until the last minute; preparations must be in place before staff members log off.
Organizations can mitigate holiday risks with proactive strategies:
- Create a plan in advance. Identify staffing levels and clearly outline escalation paths. “It’s like Tetris blocks,” Skoudis says. “You need to fill the hours, define decision-makers, and avoid leaving critical decisions to the most junior staff.”
- Always verify. Train employees to verify requests for urgent actions, particularly during downtime. Skoudis recommends simple measures: callback phone numbers, video chats to confirm identity, and using photos in a corporate directory. Never trust a message at face value, he says. “You’re trying to get more measures of verification that this person is who they say they are,” he says.
- Deploy technology and automation. Automate alerts and verifications to reduce human error. Niggel says Okta’s method of notifying employees about unusual log-ins includes automation that allows security to focus on important alerts. “If an employee logs in from a novel location, they’re going to get a message in Slack,” he says. “If an employee is logging in from grandma’s house, they can click yes to verify.”
- Freeze changes for critical systems. Code and configuration freezes during slow periods reduce operational risks. “A freeze requires extra effort to make changes,” Skoudis says. “It prevents attackers and limits the chance of accidental errors.”
- Adopt a “follow-the-sun” model. Multinational organizations can distribute workloads across time zones. Mark Lance, head of DFIR at GuidePoint Security, suggests using teams in regions where holidays are not being observed. “It’s about balance,” he says. “When one region steps back, another steps up.”
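The novel-location login check described in the automation item above, written as an added illustration (this is not Okta's code, and the event field names and sample events are constructed assumptions): a baseline of each user's usual locations is learned from pre-holiday logins, later logins from anywhere else raise an alert that asks the user to confirm, and confirmed locations are folded back into the baseline so one trip does not keep re-alerting.

```python
from collections import defaultdict
from datetime import datetime

# Constructed authentication events for illustration (not real Okta logs; the
# field names are assumptions). A "location" is the (country, city) pair.
SAMPLE_EVENTS = [
    {"user": "alice", "country": "US", "city": "Austin",   "ts": "2024-11-04T14:05:00Z"},
    {"user": "alice", "country": "US", "city": "Austin",   "ts": "2024-11-18T13:59:00Z"},
    {"user": "bob",   "country": "DE", "city": "Berlin",   "ts": "2024-11-06T08:10:00Z"},
    {"user": "alice", "country": "US", "city": "Portland", "ts": "2024-12-24T15:30:00Z"},
    {"user": "bob",   "country": "DE", "city": "Berlin",   "ts": "2024-12-27T08:05:00Z"},
    {"user": "bob",   "country": "NG", "city": "Lagos",    "ts": "2024-12-28T02:45:00Z"},
]


def parse_ts(ts):
    """Parse the UTC ISO 8601 timestamps used in the sample events."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def novel_location_alerts(events, monitor_from, confirmed=()):
    """Learn each user's normal locations from events before `monitor_from`
    (the start of the reduced-staffing period), then flag every later login
    from a location not in that baseline.

    `confirmed` holds (user, country, city) triples the user has already
    answered "yes" to; they are merged into the baseline so a confirmed
    trip (grandma's house) does not alert again on every login."""
    start = parse_ts(monitor_from)
    baseline = defaultdict(set)
    for user, country, city in confirmed:
        baseline[user].add((country, city))
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO strings sort chronologically
        loc = (ev["country"], ev["city"])
        if parse_ts(ev["ts"]) < start:
            baseline[ev["user"]].add(loc)  # learning phase: record, never alert
        elif loc not in baseline[ev["user"]]:
            alerts.append({
                "user": ev["user"], "location": loc, "ts": ev["ts"],
                "action": "message user in chat; require an explicit 'yes' before allowing",
            })
    return alerts


if __name__ == "__main__":
    for alert in novel_location_alerts(SAMPLE_EVENTS, "2024-12-20T00:00:00Z"):
        print(alert)
```

Once a user confirms a location, pass it back via `confirmed` on the next run; anything left unconfirmed is what the skeleton crew should actually look at.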
Culture, Collaboration, and a Healthy Dose of Paranoia
The human element is also critical to any security plan — even when fewer employees are on the clock. Lance says fostering collaboration and reducing isolation during skeleton-crew periods is key to defense.
“Better decisions happen when you’re not alone,” Lance says.
Having escalation paths and ensuring junior employees know where to turn when something feels off can make all the difference. Niggel agrees, emphasizing the importance of properly training staff on how to handle these types of situations.
“Policies exist for a reason,” he says. “Employees need to know they can fall back on established processes and ask for help.”
Vigilance must remain high, regardless of the season. Attackers don’t take breaks — and neither should enterprise defenses. While companies can’t always predict when an attack might occur, preparedness, verification, and smart staffing strategies help bridge security gaps when part of the team is off. As holiday seasons and global events come and go, staying one step ahead requires a mix of technology, planning, and teamwork.
“Always be suspicious,” Skoudis says. “If something feels wrong, verify it. You might stop a disaster.”