Hackuity urges organisations to stay cyber-vigilant ahead of Summer Holiday Season
July 2023 by Hackuity
As if security teams weren’t sweating enough, a wave of new cyber risks is emerging as workers take off for their summer holidays.
With more people working outside the office, personal devices and public Wi-Fi will be used to access sensitive corporate data. We get it – it can be tough to resist jumping on that free Starbucks Wi-Fi after your second shot of espresso. You’re not the only one. Employees almost universally take security shortcuts, and Gartner has the data to prove it 1. According to the analyst firm, more than 90 percent of employees who admitted to taking unsecure actions knew they were increasing risk to the organisation, shrugged, and did it regardless. Just as frighteningly, by 2027, 75 percent of employees will acquire, modify, or create tech outside IT’s visibility.
We can already see attackers rubbing their giddy palms together. These systemic habits, paired with the increased likelihood of succumbing to them while flicking through your corporate emails on a Caribbean beach, make for perfect attack conditions. Organisations are at their most vulnerable, and bad actors know it. Just last year, the FBI and CISA 2 warned of “an increase in highly impactful ransomware attacks occurring on holidays and weekends – when offices are normally closed…”
While the full holiday season is not yet underway, in the last few weeks, we’ve already seen the ongoing impact of the MOVEit vulnerability and data extortion claiming a domino chain of victims caught up in the widespread exploitation.
All right, that’s enough sweat-inducing context. Here are Hackuity’s Top 3 Recommendations to stay safe this summer:
• Automation: Ensure you have appropriate, ‘always-on’ threat detection software in place. With extra pressure on teams over the summer, this helps speed up the process of identifying and responding to threats even with less warm bodies in the office.
• Visibility: Security teams need clear, global (and nuanced) visibility of vulnerabilities across the attack surface that could threaten assets and data.
• Context: With reduced headcount, context is key on what threats matter to your business, so you can focus more limited resources on the highest risks.
Sylvain Cortes, VP of Strategy at Hackuity, is urging organisations to take practical measures to ensure they are fully prepared to manage cyber threats during the holiday season:
“As the weather heats up, and thoughts turn to a well-earned break from work, there is even greater pressure on security teams. Experience tells us this is exactly the environment that attackers can more easily exploit, so teams need to take particular care not to get burned by cyber incidents. Your cyber ‘SPF’ needs to be at its max.
It’s not possible to deal with every risk, this is about prioritising and mitigating those that could hit your organisation hardest. High on the list should be a clear view of every asset that could be exposed to cyber threats, inside and out.
Organisations must consider how changes in user behaviour can expand their attack surface. From mobile devices to public clouds, and all internal systems, ensure the right tools and processes are in place to detect and prioritise threats.
1) Gartner Unveils Top Eight Cybersecurity Predictions for 2023-2024
2) Ransomware Awareness for Holidays and Weekends | CISA