Cybersecurity threats can occur at any time of the year, but there will always be an increase during the holiday season. This is because of the increase in online shopping activity, more devices that are connected to the internet, and low staffing because of vacation. Here are some common types of threats that may happen during the holiday for companies:
Phishing is a cybercrime in which a target or targets are contacted via emails, websites, phone, text message or other tools by attackers to lure an individual or individuals to providing sensitive data including personally identifiable information, banking account information, credit card number, passwords or other login credentials.
We will receive more emails at the end of the year, such as promotion emails, order receipts, or shipping notices. Cybercriminals can insert malicious links or attachments through those emails that can give greater risks to business networks. There are types of phishing scams that your company can have during holiday such as fake order receipt, gift card scam, fake holiday sales and promotions.
Malware (Malicious Software) is a program or file that is internationally made by threat actors to harm a computer, network, or devices. Malware examples such as viruses, ransomware, Trojan horses, spyware, crypto jacking, etc.
One of the biggest malware attacks during the holiday was Shamoon Malware on The Saudi Aramco. The attack was started in 2012 when one of the IT team at Saudi Aramco opened a scam email and clicked on a malicious link containing malware, called Shamood. The malware was also known as W32.Distrack is an aggressive, disk-wiping malware that can wipe the master boot records and replace it with various images.
The result of this attack was massive because more than 30,000 workstations at the company were affected. Saudi Aramco technicians had no choice but to rip cables out the backs of computers all over the world. Therefore, every office was physically unplugged from the internet so all the company activities were done manually. Not only that, Saudi Aramco bought 50,000 new hard drives to replace the infected ones.
Ransomware is a type of cyber threat that uses malware to encrypt files on a computer system then demand a ransom for the decryption key. There are two types of ransomware; crypto-ransomware and locker-ransomware.
Crypto-ransomware encrypts an organisation’s data and demands a payment (ransom) before decrypting and returning the information safely. Locker-ransomware restricts users from accessing files, not encrypting them, before demanding a ransom to unlock the data.
According to a data report from IBM, ransomware attacks grew and destructive attacks got costlier. In 2022, the average cost of ransomware attack is US$4.54 million and the average cost of a destructive attack is US$5.12 million. The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by over USD 430,000.
How to protect your business during the holiday season
It is important for companies to take steps to protect their business from cyber attacks. Here are some tips to prevent against the cyber threats during holiday season:
Educate and train employees on how to identify and avoid cyber attacks, such as phishing and malware. Also, encourage employees to report any suspicious activity to the IT department.
Use strong and unique passwords
Make sure to always remind and encourage employees to use strong and unique passwords for all company accounts and devices. Intel created World Password Day and commemorated the first Thursday of May to address the urgent need for strong passwords. Take World Password Day as an opportunity to raise an awareness of the importance of strong passwords and ask employees to change their passwords regularly.
Enable two-factor authentication (2FA)
Encourage employees to enable two-factor authentication (2FA) on all accounts whenever possible to add extra security for your business accounts.
Secure your networks
All of your network, application and devices should meet a certain cyber hygiene to protect your most valuable data and information and prevent cyber threats. Automated cyber hygiene and policy enforcement to meet your needs and your industry security compliance. Maintain the highest standards of cyber-hygiene across the organisation.
Choose an all-in-one cybersecurity solution
Protect your business with a comprehensive and all-in-one security solution that provides real-time cyber threats warnings, actionable insights and security analytics to continuously strengthen your security posture and minimise the risks of cyber-attacks during the holidays.
Still confused about how to pick cybersecurity solutions for your company? You can try ArmourZero, the future of cybersecurity, powerful and modern Cloud IT Security Operation as-a-Service in one platform. Also, get a Free 14-days Email Assessment to Check Your Business Email Security Level.
Share this post
- 02 Feb 2023
- By:Bernadetta Septarini
- Category: ArmourHacks
Indonesia’s reliance on antivirus alone is a cybersecurity blindspot. Today, we need multi-layered security to stop cyberattacks. Find out more about it here.
- 13 Jan 2023
- By:Bernadetta Septarini
- Category: ArmourHacks
In 2023, how can businesses ensure their budget while still protecting themselves from cyber threats? Learn tips on how to protect your endpoint from threats.