Here’s how to make sure your incident response strategy is ready for holiday hackers

The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities.

The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities.

Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to employer computer systems. With so many people shopping online, tracking shipments, and entering sensitive data across multiple websites, holiday hackers are primed and ready to attack your networks by taking advantage of your employees’ online actions and cell phone usage.

According to the FBI, the two most frequent types of holiday scams are non-delivery and non-payment crimes: a consumer pays for a product or service that is never delivered, or a seller ships products without ever receiving payment. Cybercriminals are also keen on gift card fraud and auction fraud, as well as phishing attempts over email or text messages that disguise malicious links as purchase confirmations, order tracking information, or shipment notifications.

This time of year especially, cybercriminals rely on people being too distracted to realize that they have clicked on a malware link or entered their login credentials on a fraudulent website.

The heightened number of cybersecurity threats around the holidays underscores just how important it is to have a comprehensive incident response (IR) strategy in place, protecting both your employees and your company’s digital infrastructure.

Building an incident response strategy for the holidays

A thorough incident response plan – which is essentially the cybersecurity policies and procedures used to identify, contain and eliminate attacks – is critical to business operations throughout the year. But because the holidays come with a unique set of cybersecurity threats, it is worth revisiting your plan to make sure it is “prepped” for the holiday season.

According to the SANS Institute, a comprehensive IR strategy is centered on six core objectives: preparation, identification, containment, eradication, recovery and lessons learned.

While you may not need to update each stage of your IR strategy in the coming weeks, it’s worth revisiting policies and procedures so that you can adapt them for the holidays.

The 6 phases of a complete incident response strategy

1. Preparation: This is the first phase and involves reviewing existing security measures and policies; performing risk assessments to find potential vulnerabilities; and establishing a communication plan that lays out protocols and alerts staff to potential security risks. During the holidays, the preparation stage of your IR plan is crucial as it gives you the opportunity to communicate holiday-specific threats and put the wheels in motion to address such threats as they are identified.

2. Identification: The identification stage begins when an incident is detected, either one that has already occurred or one that is currently in progress. Detection can happen in a number of ways: by an in-house team, by a third-party consultant or managed service provider, or, in the worst case, because the incident has already resulted in a data breach or infiltration of your network. Because so many holiday cybersecurity attacks involve stolen end-user credentials, it is worth tightening the monitoring of how your networks are being accessed.

3. Containment: The goal of the containment stage is to minimize the damage done by a security incident. This step varies depending on the incident and can include protocols such as isolating a device, disabling email accounts, or disconnecting vulnerable systems from the main network. Because containment actions often have severe business implications, it is imperative that both short-term and long-term decisions are made ahead of time so there is no last-minute scrambling to address the security issue.

4. Eradication: Once you’ve contained the security incident, the next step is to make sure the threat has been completely removed. This may also involve investigative measures to find out who, what, when, where and why the incident occurred. Eradication may involve disk cleaning procedures, restoring systems to a clean backup version, or full disk reimaging. The eradication stage may also include deleting malicious files, modifying registry keys, and possibly re-installing operating systems.

5. Recovery: The recovery stage is the light at the end of the tunnel, allowing your organization to return to business as usual. As with containment, recovery protocols are best established beforehand so that appropriate measures are taken to ensure systems are safe before they are brought back online.

6. Lessons learned: During the lessons learned phase, you will need to document what happened and note how your IR strategy worked at each step. This is a key time to consider details like how long it took to detect and contain the incident. Were there any signs of lingering malware or compromised systems post-eradication? Was it a scam connected to a holiday hacker scheme? And if so, what can you do to prevent it next year?

Incident response strategies for lean security teams

For small to medium-sized organizations with lean IT security teams or a one-person IT staff, a “comprehensive incident response strategy” may feel out of reach.

But the reality is that, with the right cybersecurity technology, teams that lack manpower and resources can implement a full-scale IR strategy that protects their organization’s network and systems throughout the year.

During the holidays, these automated security tools become increasingly valuable because they can keep up with the influx of security risks caused by holiday hackers. Leveraging an automated incident response platform that includes managed detection and response (MDR) services enables IT security teams to keep security operations running 24/7 regardless of their size or skill level. IT teams can identify and respond to incidents faster, mitigating damage and reducing the impact of a security incident on the overall business.

To help security leaders build stronger IR strategies, Cynet is providing Accelerated Incident Response along with content like deep dives into the six steps of a complete IR strategy, webinars hosted by IR experts and analysts, and tools including IR reporting templates.
