Mitigating Business Cyber Risk During The Holiday Season

Lunar New Year – Bangladesh Bank, the central bank of Bangladesh, was the victim of a cyberattack that attempted to transfer $951 million to the Philippines ahead of the Lunar New Year weekend Mother’s Day – America’s largest fuel pipeline operator Colonial Pipeline was hit by ransomware during the Mother’s Day weekend, resulting in fuel shortages and consumer panic Memorial Day – The world’s largest meat processor JBS suffered a ransomware attack over the American Memorial Day weekend that affected servers supporting North American and Australian operations, threatening shortages throughout the world US Independence Day – Remote management software vendor Kaseya was hit by an attack over the 4th of July weekend that distributed ransomware via an auto update to its customers and customers’ customers, affecting thousands of victims in at least 17 countries Halloween – One of America’s largest candy manufacturers, Ferrara, was the target of a ransomware attack right before the critical Halloween sales period

Threat actors love to launch attacks against businesses during the holidays because holidays, or festivals, make cyberattacks easier for several reasons:

Alertness is Reduced – Everyone is in a good mood and employees are not as alert for social engineering attacks like phishing. They are more likely to open an attachment without suspecting malware, or enter their credentials in a website without checking if the website is genuine Staff Strength is Reduced – Many employees, including members of the IT team, will take time off ahead of or after the holidays to enjoy long vacations. Fewer IT staff at work implies reduced monitoring and slower response time to alerts, allowing attackers to compromise devices and networks. Staff on vacation also take longer to report to work if they are asked to return when an attack is detected, which delays an all-hands-on-deck response to a fast-spreading cyberattack Attacks Have Time to Spread – Attacks take time to spread through an organisation’s network and infect many devices. Attackers also like to take their time to identify which parts of the IT ecosystem are critical to the organisation’s functioning. A long holiday with no or minimal activity in the victim’s facilities allows the attack to spread through the organisation and increases the impact of the attack Maximum Impact on Profits – Many organisations experience a surge in sales during the holidays and are therefore more likely to pay an attacker quickly to resume operations as the cost of the ransom may be less than the loss in revenue and reputation

While any business can be attacked during the holidays due to the first 3 reasons mentioned above, businesses that are impacted by the 4th reason (impact on profits) can be considered to be at higher risk as they have more to lose from an attack timed to coincide with their peak sales season. These primarily comprise

Retail Travel & Hospitality Sweets & Giftables

Ecommerce Online shopping booms during holidays/festivals due to convenience, deep discounts, and employees receiving bonuses. A ransomware attack that takes down web servers, order processing data, or warehousing systems; a Denial-of-Service (DoS) attack that makes websites inaccessible to shoppers; or a data breach that leaks customers’ Personally Identifiable Information (PII), could all ruin a business.

Brick & Mortar Offline shopping may not receive as much attention as online shopping because it doesn’t attract high profile VC funding, but that doesn’t make it less vulnerable. A cyberattack on Point of Sale (POS) systems or on inventory tracking applications could bring operations to a complete standstill. The cyberattack on Kaseya (mentioned above) resulted in one of Sweden’s largest supermarket chains shutting all 800 stores in the country because cash registers were paralysed by the attack.