Let’s Avoid a Cost-of-Hacking Crisis this Christmas!
Normally around this time of year, I pick a nice Christmas film and write a themed piece to remind the defenders that whilst they are playing the new Call of Duty, hackers from around the world might be playing on their corporate networks. This year is different: many people are struggling. Instead of reading about over-the-top Christmas lights displays, I’m reading blogs from Martin Lewis as to whether people can afford to even put on their Christmas lights at all. Things keep adding to the misery, so let’s not let the hackers give us even more to feel downbeat about! Hackers don’t care if you have had to make cutbacks because of soaring energy prices. They don’t care that you’re a charity. They don’t care that you’re providing vital life-saving care in the middle of a harsh winter. They are criminals looking for a payday. So whilst we are keeping an eye on the purse strings more than usual this year, let’s make sure the hackers don’t get a single penny! Let’s avoid a cost-of-hacking crisis!
Get prepared now!!
If you aren’t already well on your way to being prepared for any type of incident at any time of year, it’s not too late to put some controls in place. Even if you think you are well prepared, complacency can be dangerous…it’s better to check twice than not check at all. Below are a few things you can review (or get your teams to provide supporting evidence) so that you don’t get a call in the middle of Christmas lunch!
- Freeze changes until you’re back to full strength in the New Year! Hackers aren’t the only ones who can cause costly outages. Poorly planned and implemented changes can cause totally avoidable headaches. Unless absolutely necessary, avoid making changes when you don’t have the resources to fix things quickly should they go wrong. No one wants to be dragged in on New Year’s Eve because your change brought down a client’s backend database!
- People are quiet quitting. They may be in your organisation too. It’s possible you think that people will go the extra mile when you call…but if your organisation has treated them badly…they might not even pick up. I’m sure you do it regularly anyway, but make sure you have let your team know how valued they are and how important they are to the organisation. But you also need to make sure there are clear roles and responsibilities in terms of being on call. You need primary responders and backups too!
- Speaking of backups…have backups been tested? The question to ask is how long it will actually take to do a full restore. If this question can’t be answered (and evidenced), your backups have not been properly tested. Get this done ASAP. If you are hit by ransomware you will need your backups. In addition to testing restoration times, test whether you can access backups with production credentials. If you can, fix that before you leave for the holidays.
- Your incident response plans should be ready all year round…but if you’re in a part of the world where most of your people are on holiday, or your organisation will be running with only a few elves checking in remotely to see if all is still well, you are vulnerable. You need to ask yourselves now: could we detect if a hacker has climbed down our virtual private chimney? If they did start rummaging under our corporate Christmas tree on Christmas Eve, how would we respond? If you haven’t looked at your Incident Response plan in a while, book a session in – before people go away! Oh, and one last thing. Include a distraction scenario. Think of a DDoS occurring while, at the same time, the real hack is happening somewhere else…would you catch the real attack?
- Are your logging and monitoring capabilities effective? Ask how much of the environment is covered by centralised logging (i.e. logs are not stored on the devices themselves and can’t be turned off). If it’s only “critical” infrastructure, you have a problem. You need logs from as much of your infrastructure as possible to aid both in initial detection and follow-up forensic analysis. You also need to test your playbooks. Run some simulations. Did the SIEM pick up your brute force simulation? If it didn’t, check your config, fix it and run your simulations again.
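As an added example (not Fox Red Risk's own code), the two checks in the last bullet can be sketched in Python: which inventoried hosts never reached central logging, and whether a simulated SSH brute force would trip a simple threshold rule. The host names, log lines and the five-failures-in-60-seconds threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data: hypothetical asset inventory and the sshd lines
# that reached the central log store during a brute-force simulation.
INVENTORY = {"web01", "db01", "fs01", "vpn01"}
CENTRAL_LOGS = """\
2022-12-24T21:00:01 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2
2022-12-24T21:00:03 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40002 ssh2
2022-12-24T21:00:05 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
2022-12-24T21:00:08 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40004 ssh2
2022-12-24T21:00:11 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40005 ssh2
2022-12-24T21:05:00 db01 sshd[402]: Failed password for alice from 198.51.100.4 port 51000 ssh2
2022-12-24T21:30:00 vpn01 sshd[77]: Accepted password for bob from 192.0.2.10 port 52000 ssh2
"""
LINE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?\S+ from (\S+)")

def parse(logs):
    """Return (timestamp, host, outcome, source_ip) for each sshd auth line."""
    events = []
    for line in logs.splitlines():
        m = LINE.match(line)
        if m:
            ts, host, outcome, src = m.groups()
            events.append((datetime.fromisoformat(ts), host, outcome, src))
    return events

def coverage_gaps(inventory, events):
    """Hosts in the inventory that sent nothing to central logging."""
    return sorted(inventory - {host for _, host, _, _ in events})

def brute_force_sources(events, threshold=5, window=timedelta(seconds=60)):
    """Source IPs with at least `threshold` failed logins inside `window`."""
    recent, flagged = defaultdict(deque), set()
    for ts, _, outcome, src in sorted(events):
        if outcome != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged

if __name__ == "__main__":
    ev = parse(CENTRAL_LOGS)
    print(coverage_gaps(INVENTORY, ev), sorted(brute_force_sources(ev)))
```

A host that appears in the gap list is one where neither detection nor later forensics has anything to work with, so it is worth chasing before the simulation results are trusted.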
Stay Safe over the Holidays!
So there you have it, leaders, some key considerations before you head out for the holidays. Merry Christmas and a happy and incident-free new year from us all at Fox Red Risk!
About Fox Red Risk
Fox Red Risk is a boutique data protection and cybersecurity consultancy and Managed Security Service Provider which, amongst other things, helps client organisations with implementing control frameworks for resilience, data protection and information security risk management. Call us on 020 8242 6047 or contact us via the website to discuss your needs.