
The CISO’s Guide to Ramping Up Cybersecurity During the Holidays: 7 Essential Steps for Incident Preparedness

The holiday season, often associated with a slowdown in regular business operations and activities, is in fact a period of heightened cyber threats.

With reduced staff and holiday distractions, there is a general drop in vigilance, giving cybercriminals an opportune moment to strike. As a CISO, it’s essential to recognize and prepare for these times of increased risks.

Here are seven essential steps for CISOs to consider as they seek to stay prepared and secure this holiday season:

Understand the Data Behind Holiday Threats

Holiday periods are notoriously risky in the cybersecurity world. A report from the FBI’s Internet Crime Complaint Center shows a 35% increase in cybercrime during the holiday season, with specific holidays like Thanksgiving and Christmas being prime targets. Phishing attacks, leveraging seasonal themes, increase significantly during these times. In November, phishing activity saw a 157% jump in unique fraudulent domains and a 200% spike in attacks targeting e-commerce.

Create an Incident Response Plan with Year-Round Refinement

An Incident Response Plan (IRP) should be a living document, reviewed and updated throughout the year. It must encompass all systems, resources, and processes, and be tailored to account for the unique challenges of holiday periods.

This includes ensuring that the plan remains effective even with reduced staff and outlining clear steps for incident identification, response, containment, and recovery. Consider instituting a dedicated Incident Reporting Hotline or Email for employees to quickly report any suspicious activity during the holidays.

And as obvious as it may seem, don't forget to review and update all emergency contact lists and escalation protocols, ensuring all team members know who to contact in case of an incident.

Develop Attack-Specific Playbooks

High-risk and high-likelihood attacks, such as ransomware and phishing, demand specific response playbooks. These playbooks should provide detailed action plans for these attack types, focusing on minimizing potential impacts and outlining robust recovery strategies. For instance, phishing scams and ransomware attacks continue to increase each year, emphasizing the need for targeted response strategies.

Developing holiday-specific incident procedures for extended periods of company closures or limited staff presence is crucial. This should include identifying key personnel that will be available during holidays and establishing streamlined communication and escalation processes. It's important to have contingency plans for scenarios when regular staff or resources are unavailable.

Engage with DFIR Services

Partnering with a Digital Forensics and Incident Response (DFIR) firm guarantees 24x7 support, which is crucial during holidays. This ensures access to expert help at a moment's notice, which is especially important after hours, on weekends, and on holidays.

Take a Proactive Approach to Cybersecurity Tabletop Exercises

Regular cybersecurity tabletop exercises involving key stakeholders from various departments (security, IT, HR, legal, and senior management) are vital. These exercises should simulate holiday-specific cyber-attack scenarios to test and refine the organization's response strategies.

Develop Communication Plans for Internal & External Readiness

Developing comprehensive communication plans is key to managing the narrative during a cyber incident. This includes having templates and protocols for both internal and external communications, ensuring quick, consistent, and effective messaging.

Focus on Employee Training as a Cornerstone of Cybersecurity

Continuous employee training is essential, especially in recognizing and avoiding holiday-themed phishing scams, social engineering attacks, and understanding the urgency of reporting any suspicious activity. Regular reminders and training sessions during the holiday season can significantly enhance the organization's overall cybersecurity posture.

Consider including training and company guidelines with tips and best practices for employees working from home or traveling during the holidays to improve device and browser safety and avoid common risks like connecting to unsecured public wireless networks or leaving devices unlocked and unattended.

The Bottom Line on Cyber Preparedness During the Holidays

As we approach the holiday season, we should be conscientious about the increased threats and potential impacts during periods of time-off and leaner IT and Security teams. By strengthening our Incident Response Plans, developing specific attack playbooks, ensuring robust holiday-specific procedures, engaging with DFIR services, conducting thorough tabletop exercises, maintaining effective communication channels, and continuously training our employees, we fortify our defenses against the heightened cyber risks of the holiday season.

It’s not just about enjoying the festive period; it's also about ensuring our organization's safety and resilience in the face of potential cyber threats. No one wants to get pulled away from their friends and family to deal with a security incident, so let's do our best to proactively prevent and prepare ahead of time.
