Skip to main content

Keeping Who-ville Cyber Secure This Holiday Season

November 27, 2018

"They're finding out now that no Christmas is coming! They're just waking up, I know just what they'll do. Their mouth will hang open a minute or two, then the Whos down in Who-ville will all cry, 'Boo Hoo.'"
- Dr. Seuss, How the Grinch Stole Christmas

If we were to relate the Grinch to cyber security terms, we'd call him a quintessential threat actor. His sole focus is finding a way to stop Christmas from coming, no matter the cost. Like a threat actor, Mr. Grinch checks the perimeter of Who-ville looking for vulnerabilities and gaps that can be manipulated so he can destroy the Whos' sense of safety and security.

Today's threat actor operates in much the same way as the Grinch, working overtime to identify vulnerabilities to stage an attack. Instead of stealing packages and Christmas dinner, threat actors exploit customer data, leaving your business and customers at risk.

Protect your business from threat actors - the tall and the small - this holiday season with Optiv's top five tips.

  1. Have a plan. Identify security gaps by shining a light on them to increase visibility. Proactive incident management planning enables businesses to develop and evaluate the efficacy of their programs. Enterprises need to develop an incident response plan so the entire team understands when an event turns into an incident, what types of incidents they are likely to face from threat actors and more importantly, who the experts are for response efforts.
  2. Audit point-of-sale (POS) now. The explosive growth of POS types and related applications creates more endpoints on-premises and in the cloud, resulting in a far larger attack surface. Enterprises must implement greater security within the software development lifecycle to protect credit cards, Personally Identifiable Information (PII) and secure endpoints. Without security from inception, the risk of vulnerabilities within the POS or applications increases significantly.
  3. Remind others that holiday season is hacker season. The holiday season is the most active time of year for malicious cyber activity. According to Forbes, "The four main ways in which social engineering occurs is by phishing, in which the hacker uses email to trick someone into giving them access to some kind of account or login or financial information; vishing, which is the same but through voice, such as a phone call; impersonation, which is done in person, on site; and smishing, which occurs through text message." Enterprises need an incident management program in place so everyone involved knows what to do before, during and after an incident. Awareness of these activities breeds vigilance during this time of year.
  4. Beware of lurking ransomware attacks. Ransomware attacks scale up during the holiday season. E-commerce sites and many other endpoints offer attackers an array of entry points. Having an e-commerce site taken down by ransomware would be especially painful for a retailer during the holidays. To keep these endpoints secure, enterprises should boost security vigilance with iterative, differential attack and penetration testing.
  5. Use secure payment options when possible. A unique, holistic Secure Payment approach will help secure the entire payment process throughout the cardholder data environment (CDE), fortifying security related to endpoints, applications and networks. Tighter integration of security, with a laser focus on data protection, enables merchants to advance their security maturity while allowing customers' peace of mind knowing their data is protected.

Hackers don't take a holiday when you do. Avoid a Grinch-style attack this season by implementing the above tips. Wishing you a cyber safe holiday season!


    Jeff Wichman

By: Jeff Wichman

Managing Security Consultant, Enterprise Incident Management

See More

Related Blogs

November 20, 2018

Take a Deep Breath…and Be Thankful

Ah, Thanksgiving. Time to breathe, greet the holidays and revel in a few days off, time with family, and…what’s that call on your cell? “Suspicious ac...

See Details

October 31, 2018

Titanic - Lessons Learned for Cyber Security

Computer security professionals are all too familiar with the “cat and mouse” game seen on the global stage of the enemy and defenders. History does i...

See Details

October 15, 2018

Keeping Credentials Safe: Worldwide in Real-Time

If you were to gather ten cyber security experts in a room and ask them what the most common threat actor access point is for today’s enterprise, ever...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.