

What cyberattacks could your company face over the festive season?
Christmas is fast approaching! You’re no doubt in the midst of all the preparations: decorating the tree, buying presents, preparing Christmas dinner. For their part, hackers are planning the perfect moment to attack.
Have you thought about the cyberattacks your business could face this holiday season?
In this article, we look at the 9 main cyberthreats that your company (TPS, SME, ETI, local authorities, associations…) may face during this period.
Why should I worry about Christmas in particular?
What is it about Christmas that should make you think more about cyber protection than at other times of the year?
The obvious answer is that you should always be thinking about cybersecurity and protecting your business. However, Christmas is a time when people are more relaxed and employees take time off work to spend with friends and family.
Hackers know when you’re sleeping… and they know it can be days before you realize you’ve been hacked or attacked. It’s the perfect time of year for them to attack without you noticing.
There’s also the issue of remote working and its impact on business. Working from home increases your chances of being hacked if you’re not adequately protected. Add the festive season to this, and your business could well be a target for hackers looking for vulnerabilities.
Email remains the main vector for cyber attacks. Here are the 9 cybersecurity threats this Christmas:
Phishing
Phishing is one of the most common threats used by hackers.
Why?
Because it works. Employees who are unaware of the threat can accidentally give out important personal information, work credentials and information vital to their company’s security, such as passwords and bank details.
There are different types of phishing that you should be aware of:
- Phishing: generally easy to spot, with grammatical and spelling errors, asking for information and/or money, and promising something in return – often a “lover” or a “lottery win”.
- Spear phishing: harder to spot, it uses targeted, personalized information to appear to come from legitimate sources, such as suppliers or companies you may know.
- The president scam: an executive scam targeting senior executives. It usually uses a sense of urgency to persuade the reader to act, often leading them to give away sensitive information. This is a sophisticated digital fraud, carried out through social engineering (more on this later).
What to do if you fall victim to a phishing scam?
Don’t click on the e-mail. Report it to your IT department, and if you think you’ve accidentally given out important information, report it immediately to your system administrators. The best way to block phishing attacks is to make sure your company is well protected by an email security solution. Finally, it’s also important that your teams are well trained and know how to spot phishing attacks.
Ransomware
Phishing emails often lead to ransomware attacks. Over the past year, ransomware attacks have been identified as the most significant cyber threat facing France. Healthcare establishments have been the main target of ransomware attacks, with criminals constantly on the lookout for sensitive data to steal.
What is ransomware?
For SMEs and large enterprises alike, ransomware is frequently the biggest threat, often causing more than 24 hours of downtime. Over the past 12 months, a record number of attacks have been recorded, and this is something to be aware of, especially in the run-up to Christmas.
Human/user error
Human/user error remains one of the greatest vulnerabilities when it comes to cybersecurity threats. Are your employees properly trained? Is your website code up to date and regularly checked? Errors and oversights can be catastrophic for your company’s security.
Unfortunately, cybercriminals are aware of this and try to exploit it. With Christmas approaching, when attacks can be more frequent, make sure your staff are up to date with their cybersecurity training, check that your website code is updated and ensure that cybercrime policies are current.
By ensuring that your employees are up-to-date and trained, you eliminate one of the weakest links in cybersecurity. Make sure you close all potential loopholes that hackers could exploit and use to penetrate your business.
Theft of identification information
Are your company’s credentials for sale on the Dark Web? More than 15 billion corporate credentials are in circulation on the Dark Web, an increase of over 300% in just a few years. It has never been easier for cybercriminals to obtain this information by taking control of accounts.
Financial data, personal information and sensitive documents are often stored in the cloud. While we may think of this as a safe place, without adequate protection, your information is vulnerable to hackers looking for opportunities to steal and sell your data to the highest bidder.
The most common breaches, where your credentials can be stolen and sold on the dark web, are phishing and ransomware attacks. It’s essential to make sure your information is protected at Christmas, so you can relax and feel secure in the knowledge that your business is properly protected.
Weak passwords
65% of people use the same passwords for multiple accounts, leaving companies potentially open and vulnerable. Are your passwords secure? Are they complex enough to make it difficult for cybercriminals to access them?
We recommend using long passwords, made up of upper and lower case letters, numbers and special characters. We know it can be frustrating to remember several passwords, but it prevents hackers from accessing your accounts and sensitive data.
Before you leave for the Christmas vacation, check that your passwords are up to date and in line with best practice recommendations. Make sure that all your employees comply with password security policies, and that there are no loopholes allowing hackers to access your accounts while you’re on vacation.
Consider using a password management tool. They offer a more secure way of managing multiple accounts and multiple passwords.
Misuse of administrator accounts
Just like human/user error, administrator errors and misuse of administrator accounts can lead to cyber-attacks and give hackers access to sensitive information. If passwords are weak and administrators neglect security protocols, your company is exposed to cyber-attacks. Administrator accounts often contain and store sensitive financial, account and customer information, which, if not secured effectively, can lead to disaster.
Before Christmas, check that your administrative accounts are secure, that data is protected and that there are no loopholes for cybercriminals to target…
Social engineering
Social engineering is in a class of its own because of the sophisticated and varied methods it uses to penetrate your business. Hackers are finding new ways to trick companies into disclosing private data, accidentally installing malware on devices and providing access to their accounts.
Social engineering typically involves psychological manipulation; at Christmas, it may involve manipulating your goodwill. These clever attacks encourage employees and companies to disclose sensitive data to hackers. Social engineering is clever because it involves a human element, playing on the need to help others, which makes it difficult to avoid.
Hybrid or remote working has also increased the risk of social engineering attacks, as more and more employees work from home using cloud-based systems, which are easier to hack if not secured effectively. To avoid this, we suggest you make sure all your employees are properly trained and aware of the psychological methods social engineering can use to manipulate them.
Incorrect device configuration
Are your devices configured correctly? Is your firewall working and updated correctly? Configuration errors are most common when cybersecurity software is updated or modified, leaving your company open to attack.
With the shift to remote and hybrid working, businesses have never been so vulnerable.
More and more companies are using cloud storage software to make it easier for employees to work from home, and the risks have never been greater.
Misconfigured storage services have contributed to over 200 breaches in the last two years.
It’s essential that your firewall is correctly configured and up to date to protect your business from hackers.
Check again that everything is updated and configured correctly before your Christmas vacation, to minimize the loopholes that cybercriminals could use to penetrate your organization’s systems.
Updates
Keeping your devices up-to-date with the latest patches is crucial to your defense against hackers and cybercriminals.
Patches are important because they fix known product flaws that hackers could potentially use to gain access to your business.
Keep all software on mobiles, tablets, laptops, and desktops up to date to reduce the number of vulnerabilities that can be exploited.
We hope you’re now thinking about taking steps to protect your business from hackers and secure your data, not just over the Christmas period, but throughout 2023.
Email is the number one vector for cyberattacks, so it’s essential to secure your email flows.
At Hornetsecurity, it’s what we do.