It’s no secret that in the world of cybercrime, the period from Black Friday to Cyber Monday is referred to as the Super Bowl of Fraud. Increased volumes of transactions in both retail and online settings make virtual and brick-and-mortar stores attractive targets for hacker holidays.
But are other holidays “safe”? And if your organization is not a retail business, no worries, right?
While the big retail breaches get most of the press and public’s attention, any holiday can open the door for the most common type of breach – social engineering.
In case you haven’t heard the term, “social engineering” is the act of taking advantage of an employee’s willingness to trust, desire to be helpful, or simple ignorance to get them to take certain actions or divulge confidential information.
Social engineering attacks will sound familiar: phishing, tailgating or piggybacking, baiting and quid pro quo attacks are all names you’ve probably heard before. What they have in common is that they prey upon a desire to be helpful and/or a person’s ignorance of best practice.
Tips to avoid social engineering attacks usually include recommendations to not open any emails from untrusted sources, not to engage with offers from strangers (how many foreign princes are out there anyway?), to purchase antivirus software, to always lock your laptop and screen when you’re away from them, etc. But these attacks work not because of a flaw in technology, but because of an attention gap in the people who safeguard your network.
Do hackers take holidays? They sure do, right after a payday from your holidays: Valentine’s Day, the Super Bowl, and President’s Day. While they may not be the trifecta of credit card theft opportunity that the post-Thanksgiving shopping days offer, each of these creates distractions, stress, and opportunity, especially in organizations that still need to operate, such as hospitals that don’t get to take a breather on Super Bowl Sunday or banks that may see an upswing in flower deliveries on (non-Sunday) Valentine’s Days.
Social engineering attacks work best when people are distracted. Flowers on a romantic holiday, a big game on a small TV in the breakroom and a skeleton crew due to a Monday holiday handling unexpected volume can all distract people and lead to poor decisions when handling sensitive information.
SymQuest works with clients to create a layered security model, with overlapping protection around common gaps in network architecture and a view to minimizing human error. A layered security model helps support a network’s integrity, but one wrong click can expose your customers’ information to risk.
In a previous post, we mentioned adopting a risk-management mindset. In order to do that, you need to get your people on board, top to bottom. Holidays are as good a time as any to start mini-trainings on threats to your network. Schedule some time with your team to remind them that holidays can be an opening for hackers. And in larger organizations, utilize your internal email network to send educational information and trainings on network security.