Kicking off the new year with a renewed approach to cyber resilience

While many organisations enjoyed a quieter spell over the festive period, the final few weeks of the year are usually a busy period for cyber criminals, with some cyber experts estimating that there was a 70% rise in the volume of cyber attacks in the run up to Christmas.

During periods of diminished staff availability, organisations are particularly vulnerable to attack from threat actors, who can exploit any temporary dip in vigilance and responsiveness. Some will return to the office to an unwelcome Christmas present: a ransom demand, a phishing email, or a fraudulent transaction. Others may be hosting an invisible and uninvited guest, who might remain undetected in the network for weeks or months.

Here is a timely reminder of some of the key cyber risks to be aware of:

• Ransomware: The flurry of activity in the lead up to Christmas can provide a useful distraction to cyber criminals, who know that many organisations are working with a significantly reduced staff (including IT teams), making detection less likely.
• Phishing: There is a significant uptick in email traffic over the festive period, making it more difficult for recipients to spot suspicious emails. This is particularly true where employees use work devices for personal purposes, like shopping for gifts (many phishing emails look like legitimate invoices or delivery updates).
• Social engineering: With key personnel within the organisation being out of office, it is easier for cyber criminals to impersonate those individuals.  Increased pressure and workload can lead the victim to forego the usual checks and balances.
• Unsecured networks: Many staff members will be working remotely or travelling and connecting to unsecured or unfamiliar networks. Cyber criminals can take advantage of any security lapses in Wi-Fi hotspots in order to infiltrate devices.
• Out of date software: Absence of IT staff might result in a delay to the implementation of patches and updates, which can leave networks exposed to cyber attack.

It is important to take the following steps now to detect any unauthorised activity which has occurred over the festive period, and bolster cyber resilience for the future:

• Escalate any suspicious emails to the IT team for investigation
• Review transactions over the festive period and investigate anything which appears unusual
• Ensure that networks and devices are protected with the latest software updates and patches
• Consider whether you have sufficient detection/alerts in place to detect unauthorised access, exfiltration of data etc.
• Ensure that authentication procedures are robust (including multi-factor authentication and strong user passwords)
• Review network activity logs for any suspicious activity
• Ensure your cyber policies and procedures are up to date (e.g. data protection policy, bring your own device policy, acceptable use policy etc.)
• Provide regular refresher training for all staff

For more information about how to respond to a cyber attack, see our blog here: Top five things to do in the event of cyber attack | Burness Paull.

If you have suffered a cyber attack or you simply want to start a new year with improved compliance and preparedness, the Burness Paull cyber team is on hand to work with you to manage the incident and/or improve your cyber resilience going forward.