Be on guard this festive season for phishing, malware and compromised passwords

The festive period is a wonderful time of year, but along with the festive cheer comes an increased risk of cybercrime. Gift your employees a Christmas cybersecurity awareness campaign!

The last 19 months have certainly been a roller coaster.

We have been hit by a global pandemic, endured multiple lockdowns, seen supermarket shelves stripped bare and witnessed supply chains come to a complete halt.

But at least things improved from a cybersecurity perspective, right?

Wrong.

Cybersecurity and its importance in keeping organisations safe is nothing new, yet recent reports indicate many organisations are still significantly ill-prepared to tackle the growing number of cybercriminals and their increasingly sophisticated attacks. Even today, after billions spent over the years on cybersecurity, nearly 80% of senior IT and IT security leaders believe their organisations lack the necessary protection against cyberattacks (free infographic).

That number may make the mind-boggle, yet somehow it doesn’t seem surprising. Around 20% of organisations worldwide have no current plans when it comes to protecting themselves against cybercrime.

That is a Christmas gift too good for cybercriminals to refuse.

Cybercriminals don't do Christmas truces

The chances of your organisation and its employees getting even a moment's rest from the barrage of cyberattacks are slim to none.

The festive season is a prime time for cybercrime. According to a report by Positive Technologies, the last quarter of 2020 saw a 3.1% increase in social engineering attacks compared to the previous quarter. In turn, this represents an alarming 42.2% increase over the same period in 2019.

So, having painted a rather bleak picture, does this mean Christmas is cancelled?

Absolutely not!

“Before anything else, preparation is the key to success” — Alexander Graham Bell

To prevent falling foul to the tricks of cybercriminals, we need to understand what they are planning.  

It’s impossible to know with certainty when and how your organisation will be attacked. However, with proper preparation, it is possible to increase greatly your chances of thwarting the attacks successfully.

So, let’s put the mince pies down (just for a moment) and explore some of the top cyber threats we expect to encounter over the next few months.

Phishing

Like mince pies at Christmas, Phishing is one of the usual suspects and remains the most common threat vector. Unlike mince pies, it is a year-round blight with 83% of businesses experiencing attacks weekly.

Sadly, phishing is for life, not just for Christmas.

• Common Phishing subject lines:
  • Official Data Breach Notification
  • UPS Label Delivery 1ZBE312TNY00015011
  • IT Reminder: Your Password Expires in Less Than 24 Hours
  • Change of Password Required Immediately
  • Please Read Important from Human Resources

Malware

Malware attacks are on the rise. In 2021, 74% of businesses reported malware activity, up 13% from 2020 (free report).

Malware is this year's popular cyberscriminals' toy.

• Common forms of malware:
  • Ransomware
  • Trojan
  • Zeus Sphinx

Data breaches

Although a result of a cyber attack, rather than an attack itself, data breaches grab the headlines, trash reputations, sales and sometimes take down companies.

Personal data is the currency of the digital age. It flows through every area of our lives. This is why it’s the most sort after information by cybercriminals. In 2020, the average cost of a data breach was $3.86 million.

• Top three data breaches of the 21st century:
  • Yahoo - August 2013. Yahoo became the title holder of the world's largest data breach with a massive three billion accounts exposed.
  • Alibaba - November 2019. Taobao, a subsidiary of Chinese tech behemoth Alibaba, was the victim of a crawler software attack which scraped 1.1 billion pieces of customer data, including usernames, and mobile numbers.
  • LinkedIn - June 2021. LinkedIn saw data associated with 90% of its users (700 million) leaked on a dark web forum.

Compromised Passwords

Ah, passwords. The bane of every CISO’s existence.

And it’s not hard to see why. Despite all training and awareness efforts on managing and using strong passwords, 23.2 million people who were compromised used ‘123456’ as their password.

Keeping your organisation safe while enjoying the festivities

Despite the increased sophistication of firewalls and AI integration, there are voids that technology just can’t fill. Even today's safety technology-laden cars need a human with sufficient roadcraft to make them work to their full extent.

“In 2019, 9 in 10 data breaches were down to human error.”
UK Information Commissioner’s Office

""

When it comes to the 'people' of the 'people, process, technology' triumvirate, the most effective thing a CISO can do is create an educated, risk-aware workplace culture. Not a quick fix by any stretch of the imagination. But a core element is to raise awareness.

Your Christmas cybersecurity awareness campaign

To add festive spirit to your current awareness programme, take a look at our festive cybersecurity awareness campaign. It focuses on the common cybersecurity risks and threats we see at this time of year.

But crucially, it engages your employees and keeps uppermost in their minds the knowledge to successfully spot and report threats when they see them.

The nett result is the reduction of the odds of an attack being successful.

And remember, a Christmas cybersecurity awareness campaign is a great way to engage employees at the exact time of year they are likely to be most vulnerable.

Check out the campaign here.

The campaign elements can be purchased together, or separately to suit your needs. And if you order all elements by Friday 12 November, we’ll include a promotional email signature as a festive gift!

Let's all look forward to a cyber secure festive period.