
12 Cyber Security Threats of Christmas: Are you prepared?


  • 11 Dec 2020
  • Ash Kerr

Have you thought about the cyber threats your business could face this Christmas?

Christmas is fast approaching, and while you are gearing up to decorate, purchasing presents and preparing the perfect Christmas dinner, hackers are looming on the side-lines planning their perfect time to strike. Our down time is their Christmas Day – literally! Have you thought about the biggest cyber threats to your business during the most wonderful time of the year?

This is the first exclusive content in our ‘12 Days of Christmas’ campaign, where we are aiming to educate you about the dangers Christmas could pose to your business and how to prepare. This blog covers 12 major cyber threats you may face during this time. Some you may be aware of, but others may not have crossed your mind. Here at DigitalXRAID we want you to feel safe and enjoy time with your loved ones over the Christmas period, relaxing while knowing your business is protected.

“Why should I be worried about Christmas in particular?”

We hear you. What is it about Christmas that should make you think more about cyber protection than other times of the year?

Well, the obvious answer is you should always be thinking about cyber security and safeguarding your business; however, Christmas is a time when people drop their guard. Do you want to relax and spend time with those you care about? While you are enjoying yourself, you could fail to notice your business being hacked, because when you are not on constant watch, that’s when hackers strike.

They know when you are sleeping… and they know it could take days before you realise you have been hacked or attacked. It is the perfect time of year for them to strike, leaving you blissfully unaware until your customer data is in the wrong hands.

There is also Covid-19 to consider, and the implications this has had for businesses. Working from home increases your chances of being hacked if you are not suitably protected, and there is more chance of you being open to attacks. Combine this with Christmas and your business could potentially be a flashing neon sign for hackers looking for targets.

Therefore, without further ado, on the first day of Christmas we give to you… the twelve threats of Christmas:

1. Phishing

Phishing is one of the most common threats used by hackers. Why? Because it works. Those who are unaware can accidentally give away important personal details, business credentials, and information vital to the security of their business such as passwords and bank details.

There has been an increase in phishing attacks, with the NCSC 2020 Annual Review reporting a rise from 72% to 86% between 2017 and 2020[1]. Phishing attacks in 2020 have been Covid-19 focused, with 251 Covid-19 focused phishing campaigns in the UK taken down by NCSC since March.

There are different types of phishing you need to be aware of:

  1. General Phishing – Usually easy to spot with grammatical and spelling errors, asking for details and/or money, and promising something in return – often a ‘lover’ or ‘lotto wins’.
  2. Spear Phishing – These are harder to spot and use targeted, personalised information to make them sound as though they come from legitimate sources, such as suppliers or businesses you may know.
  3. Whaling – This is CEO fraud and is highly targeted at senior executives. They usually use a sense of urgency to persuade the reader to act, often giving away sensitive information. It is sophisticated digitally enabled fraud through Social Engineering (more on this later).

What to do if you have fallen victim to a phishing scam?

Ignore the email, report to your IT management, and if you think you may have accidentally given away vital information immediately report it to Action Fraud UK. The best offence against phishing attacks is defence; make sure your business is protected and your staff well-trained before you become a victim.

2. Ransomware

Phishing emails can and often do lead to Ransomware attacks. In 2020 there has been a significant increase in Ransomware attacks against the public sector, specifically education[2]. Local councils have also found themselves targets, with criminals now threatening to leak sensitive data to the public.

What is Ransomware?

Often following phishing campaigns, Ransomware prevents you from accessing certain data on devices and the information stored there. Data is encrypted, and criminals then demand payment to release it, which can severely impact a business’s or organisation’s services. One recent major Ransomware attack was the WannaCry malware which impacted the NHS in 2017[3].

For both SMEs and larger businesses, Ransomware is often the biggest threat to cause more than 24 hours downtime[4]. In 2020 there has been an increase in the scale and impact of Ransomware attacks, and it is something to be aware of, especially around Christmas time, when emails could, for example, be seasonally themed and con businesses into thinking they have parcels waiting for collection or missed deliveries.

3. User/Human Error

User/human error is still one of the biggest vulnerabilities when it comes to cyber security threats. Are your staff trained properly? Is the code on your website up to date and regularly checked? Accidental mistakes can be a disaster when it comes to the security of your business.

Unfortunately, cyber criminals are aware of this common oversight, and will try to exploit it where possible. It is easier than you think to protect against human and user errors. Around Christmas time, when attacks can be more prevalent, make sure your staff are up to date on their cyber security training, double check the code on your website, and make sure cyber policies are up to date.

A report from NCSC in February 2020 found that of the 2,376 breaches reported to the ICO in 2019, nine out of ten were caused by human and user errors[5]. By making sure your staff are updated and trained you are eliminating one of the weakest links when it comes to cyber security, as you are closing any potential gaps that hackers could exploit and use to breach your company.

4. Credentials Stolen

Are your business credentials for sale on the Dark Web? How do you know? More than 15 billion business credentials are in circulation on the dark web, up 300% since 2018[6]. This information comes from over 100,000 business breaches, and gaining this information through account takeovers has never been easier for cyber criminals.

Businesses’ financial details, personal information, and sensitive documents are often stored in the cloud. While we may think it is safe, without adequate protection your information is vulnerable to hackers who sell your data to the highest bidder.

You can check if your business credentials have been stolen or breached here: https://haveibeenpwned.com/. No information is stored on the database, so your findings are safe and secure. The biggest breaches where your credentials can be stolen and sold on the dark web are through Phishing and Ransomware attacks, so it is vital to make sure your business is protected this Christmas so you can relax and feel secure knowing your information is safe.

5. Insider Threat

Are your employees happy? Are any of them disgruntled or holding grudges? Perhaps you have some ex-employees who left on a sour note? Insider threat is a big problem when it comes to cyber security, and sensitive information can be leaked.

Preventing and protecting against any insider threats is the best method to mitigate any potential cyber security risks. Whilst insider threat is in decline in comparison to Phishing and Ransomware[7], it is still something to be aware of. Make sure your software is up to date and patched correctly, staff are trained on protocol, and your passwords and sensitive information are updated and changed regularly to keep data secure.

6. Weak Passwords

Too many businesses use the same passwords for multiple accounts, leaving them open and vulnerable. Are your passwords secure? Are they complex enough to make it hard for cyber criminals to breach?

Use long passwords with a mix of capital letters and non-capitals, including numbers and special characters. We know it can be frustrating, but it prevents hackers from gaining access to your accounts and sensitive data.

Before you leave for Christmas, double check your passwords are up to code, that your staff are following the password security policies, and that there are no gaps where hackers could potentially gain access while your guard is down.

Consider a password management tool. They offer a more secure way of managing multiple accounts and multiple passwords. For further information on password managers look no further than this NCSC article[8], which should help you find the best solution for your business.

7. Incorrect Use Of Admin Accounts

Similar to human/user error, admin errors and incorrect use of admin accounts can lead to cyber breaches and hackers gaining access to sensitive information. If passwords are weak, and administration is overlooking security protocol, it leaves your business open to attack. Admin accounts often hold and store sensitive information about finances, accounts, etc., which if not secured efficiently could lead to disaster without you being aware of the breach for days.

Before Christmas check your admin accounts are secure, that data is protected, and that there are no gaps cyber criminals could target while you are unprepared. This way you can relax over Christmas.

8. Social Engineering

Mentioned briefly earlier, Social Engineering has a category of its own due to its sophisticated and differing methods to breach your business. With hackers finding new ways of fooling businesses into giving away private data, accidentally installing malware on devices and giving access to their accounts, Social Engineering has never been more of a threat.

Social Engineering often involves psychological manipulation; at Christmas time this may mean manipulating your goodwill. These clever attacks trick employees and businesses into giving away sensitive data to hackers. Social Engineering is clever because it involves a human element, preying on the need to help others, and can therefore be difficult to prevent.

Covid-19 has also increased the risk of Social Engineering, as more employees are working from home using cloud-based systems which are easier for hackers to breach if not secured effectively. To prevent this, we would suggest making sure all your staff are adequately trained before Christmas, and that they are aware of the psychological methods Social Engineering attacks may use to manipulate them.

9. Data Exfiltration

Does your business have systems in place for data loss prevention (DLP)? Data Exfiltration is a security breach which can be conducted manually with access to a computer or virtually through malware and malicious programming on a network. These attacks are often targeted with a specific aim and intent to gain access to a network or computer to locate and copy specific data.

According to the DCMS ‘Cyber Security Breaches Survey 2020’, 46% of businesses and 26% of charities reported cyber security breaches or attacks over a 12-month period, most of these experiencing these issues weekly[9]. Phishing and Ransomware are methods used to gain access to data, and businesses should have systems in place to minimise Data Exfiltration by protecting their businesses against Phishing, Ransomware, Malware and other potential breaches. Make sure your business is protected before you leave for Christmas, that staff are trained, and your emails are as secure as possible.

10. Misconfiguration of Devices

Are your devices configured correctly? Is your firewall working and updated properly? When cyber security software is updated or changed, this is when misconfigurations are most prevalent, leaving your business open to attack.

With Covid-19 and the shift to remote working, businesses have never been more vulnerable than now. With more businesses using Cloud storage software whilst employees work from home, the dangers are at an all-time high. Misconfigured storage services have contributed to more than 200 breaches over the past two years which have exposed more than 30 billion records[10]. It is vital your firewall is in place and working to protect your organisation from hackers.

Fortunately, many potential breaches are preventable simply by checking for any cyber security misconfigurations which are usually due to human and user error. Double check everything is updated and configured correctly before leaving for Christmas, minimising any gaps in your cyber security that cyber criminals can use to breach your company.

11. Patched Devices

Keeping your devices patched is crucial in defence against hackers and cyber criminals. Patches are important because they fix known flaws in products that hackers could potentially use to gain access to your business. Keep the software on mobiles, tablets, laptops and desktop PCs up to date to reduce the chance of vulnerabilities being exploited.

12. IoT Based Attacks

The ‘Internet of Things’ has been both a wonder and a curse. Connecting multiple devices through cloud-based software so you can use them all from one place has made working and living easier. However, it can come at a cost. Unfortunately, the speed and quality of manufacturer responses to security issues in ‘Internet of Things’ products has been extremely varied and many still lack basic security features[11].

At Christmas, gifts and other cloud-connected devices can pose a risk to your business. Make sure devices are updated, passwords are secure and complex, and keep employees updated with relevant changes. NCSC is working on solutions to provide better cyber security for the IoT, but it is important that you as a business remain vigilant and aware of any potential issues.

Wrapping Up

See what we did there…?

We hope you have enjoyed reading our ‘12 Threats of Christmas’, and perhaps are now thinking about taking some steps to protect your business from hackers, and to keep your data secure, not just over the Christmas period, but further ahead too. Remember, it is not all bad news: the fact you are reading this means you are taking the next steps in ensuring your business is safe over Christmas and beyond.

If you would like to stay up to date with our ‘12 Days of Christmas’ campaign where you could win a free one-to-one cyber security advice session for your organisation, free Cyber Awareness training for your employees, or even an External Vulnerability Test for your business, then be sure to fill in the form below so we can get in touch with you!

 

[1] NCSC 2020 Annual Review, ncsc.gov.uk/annual-review-2020

[2] NCSC 2020 Annual Review, p.68, ncsc.gov.uk/annual-review-2020

[3] NCSC 2020 Annual Review, p.82, ncsc.gov.uk/annual-review-2020

[4] Cisco Cyber Security Report Series 2020, p11, Cisco Small and Medium-Sized Business Report 2020

[5] NCSC February 2020 Report, https://www.ncsc.gov.uk/report/weekly-threat-report-7th-february-2020

[6] From Exposure to Takeover, Digital Shadows, p. 2, https://resources.digitalshadows.com/whitepapers-and-reports/from-exposure-to-takeover

[7] The Register, May 2020, https://www.theregister.com/2020/05/19/verizon_data_breach_report/

[8] NCSC, November 2018, https://www.ncsc.gov.uk/collection/passwords/password-manager-buyers-guide#:~:text=Password%20managers%20offer%20an%20alternative,accessed%20via%20a%20master%20password.

[9] NCSC 2020 Annual Review, p.82, ncsc.gov.uk/annual-review-2020

[10] SC Magazine, August 2020, https://www.scmagazine.com/featured/cloud-misconfigurations-contributed-to-more-than-200-breaches/

[11] NCSC Blog, July 2020, https://www.ncsc.gov.uk/blog-post/connecting-smart-devices-with-confidence

 

Hackers don’t sleep and neither do we. Let us protect you.

Visit our website to find out more:

https://www.digitalxraid.com/security-operations-centre/

Or to speak to one of our experts, call us on:

0808 239 7435
