The CISO’s Guide to Ramping Up Cybersecurity During the Holidays: 7 Essential Steps for Incident Preparedness

Understand the Data Behind Holiday Threats

Holiday periods are notoriously risky in the cybersecurity world. A report from the FBI’s Internet Crime Complaint Center shows a 35% increase in cybercrime during the holiday season, with specific holidays like Thanksgiving and Christmas being prime targets. Phishing attacks, leveraging seasonal themes, increase significantly during these times. In November, phishing activity saw a 157% jump in unique fraudulent domains and a 200% spike in attacks targeting e-commerce.

Create an Incident Response Plan with Year-Round Refinement

An Incident Response Plan (IRP) should be a living document, reviewed and updated throughout the year. It must encompass all systems, resources, and processes, and be tailored to account for the unique challenges of holiday periods.

This includes ensuring that the plan remains effective even with reduced staff and outlining clear steps for incident identification, response, containment, and recovery. Consider instituting a dedicated Incident Reporting Hotline or Email for employees to quickly report any suspicious activity during the holidays.

And as obvious as it may seem, don't forget to review and update all emergency contact lists and escalation protocols, ensuring all team members know who to contact in case of an incident.

Develop Attack-Specific Playbooks

High-risk and high-likelihood attacks, such as ransomware and phishing, demand specific response playbooks. These playbooks should provide detailed action plans for these attack types, focusing on minimizing potential impacts and outlining robust recovery strategies. For instance, phishing scams and ransomware attacks continue to increase each year, emphasizing the need for targeted response strategies.

Developing holiday-specific incident procedures for extended periods of company closures or limited staff presence is crucial. This should include identifying key personnel that will be available during holidays and establishing streamlined communication and escalation processes. It's important to have contingency plans for scenarios when regular staff or resources are unavailable.

Engage with DFIR Services

Partnering with a Digital Forensics and Incident Response (DFIR) firm guarantees 24x7 support, crucial during holidays. This ensures access to expert help at a moment's notice, especially important during after-hours, weekends, and holidays.

Take a Proactive Approach to Cybersecurity Tabletop Exercises

Regular cybersecurity tabletop exercises involving key stakeholders from various departments (security, IT, HR, legal, and senior management) are vital. These exercises should simulate holiday-specific cyber-attack scenarios to test and refine the organization's response strategies.

Develop Communication Plans for Internal & External Readiness

Developing comprehensive communication plans is key to managing the narrative during a cyber incident. This includes having templates and protocols for both internal and external communications, ensuring quick, consistent, and effective messaging.

Focus on Employee Training asa Cornerstone of Cybersecurity

Continuous employee training is essential, especially in recognizing and avoiding holiday-themed phishing scams, social engineering attacks, and understanding the urgency of reporting any suspicious activity. Regular reminders and training sessions during the holiday season can significantly enhance the organization's overall cybersecurity posture.

Consider including training and company guidelines with tips and best practices for employees working from home or traveling during the holidays to improve device and browser safety and avoid common risks like connecting to unsecured public wireless networks or leaving devices unlocked and unattended.