This article was contributed by Johanna Baum, CEO and founder of S3.
Cyberattacks, or the threat of an attack, might be top of mind during the festive season as consumers’ online buying increases, but in truth, every day is a holiday for cybercriminals. The lack of ongoing investment in cyber hygiene and landscape readiness creates weaknesses that bad actors know how to exploit.
Busier times, like the hustle and bustle of the holiday season, bring to the forefront problems that are otherwise constantly lingering just below the surface. In fact, in 2021 alone, the U.S. saw a surge of ransomware attacks during notable holidays like Mother’s Day, Memorial Day, and Independence Day. Why is this the case? Businesses are closed during many of these holidays, leaving networks unsupervised and data exposed and creating a season for cyberattacks. It’s safe to say that when our guards are down, cybercriminals are on duty.
Although I’m certainly a holiday shopping procrastinator and pay my fair share in rush shipping fees, being a cyber defense procrastinator carries a far more significant price tag to an organization. While a typical breach, on average, costs around $4 million, Target’s infamous holiday season data breach cost the corporation $300 million — a number that is far from jolly. The season is filled with additional spending, both from consumers and organizations who are victims of cybercrime.
With this in mind, companies must commit to true security year-round, which requires ongoing vigilance, and continual investments in both time and resources. The discussion around prioritizing preventative or defensive spending is tough when the risk isn’t directly felt. But, to be successful, continuous focus on cyberhealth, months before the holiday season, is essential.
As organizations anticipate another year filled with increased holiday digital traffic, they must prepare for the known holiday crime influx. This holiday season alone, online fraud is expected to spike 60%. Credit card theft will exponentially increase, continued supply chain issues will create excess noise, and ransomware attacks will certainly be on the rise — and consumers will have less tolerance for all of the above. So the question will remain, how can your IT department broker a winning holiday season against an angry mob of shoppers and an army of bad actors?
Here are three tips to help protect your business this holiday season and beyond.
One study showed that while 89% of organizations say they have experienced a ransomware attack during a holiday in 2021, 36% say they have no contingency plan in place to respond. Preparing the organization for an attack or period of increased risk must occur long before the risk rises to a heightened level of concern.
Implementing tools, modifying policies and procedures, improving response times and monitoring, and developing response plans all require time to lay the groundwork for a successful cyberdefense execution. Every user needs to understand their role in cyberdefense. Education and awareness measures take time and cannot be prioritized just as the busy holiday season approaches. Without these foundational elements in place, this season for cyberattacks will feel much like playing whack-a-mole with a wet noodle: not very successful.
Preparation is the first step to success. Ensuring the organization is educated on initiatives and has a tactical short and long-term plan creates a visible roadmap for execution. It eliminates our wet noodle whack-a-mole scenario and provides an organizational playbook for success. Without a plan, a cohesive strategy is difficult to come by and makes it exponentially more difficult to launch countermeasures for protection. A solid playbook with prioritized improvements provides clarity around existing risk, mitigating controls, and a schedule for remediation.
No one yearns for a delayed response, especially when valuable information is at risk. The ability to rapidly address issues, respond to incidents, and actively deploy solutions and procedures to support operations is critical to establishing a strong cyber posture, especially during a season where cyberattacks are on the rise.
When a company is silent after a data breach, dragging its feet, it portrays a lack of priority or care for its constituents, causing consumers to feel their information is not as important as their money. This can result in a massive backlash from consumers, leading to much more than monetary loss: diminished loyalty among customers and a decreased organizational reputation. By responding quickly with intent, you reduce exposure to risk, contain damage, and instill confidence in the program.
Transparency can cure a lot of woes. As Brené Brown says, “clear is kind.” On average, it takes a business 279 days to identify and contain a breach – that’s more than three-quarters of a year to share with stakeholders the details of the cyberattack.
Ensuring that your constituents, both internal and external, have the information they need to understand their own risk is critical. A well-informed community of stakeholders builds confidence in your organization, while a lack of transparency fosters discomfort and a sense of dishonesty. In the social media age, it greatly increases the likelihood of a social attack, potential hacktivism, or a good old-fashioned transition of buying power.
The gift that keeps on giving
The gift of a solid IT team and cyber-aware organization should be greatly appreciated, as it’s one that can be utilized year-round, and it’s crucial to show your appreciation to the team that defends your house. The McCallisters’ home was safely secured by the crafty eight-year-old played by Macaulay Culkin in Home Alone. Without him, the holiday season and beyond would assuredly have been far less enjoyable, and Marv and Harry would have made out like bandits.
As an organization or a consumer, you should be constantly cyber-vigilant. During the holidays, when pressure and transactional volumes increase, that focus should be your utmost priority. However, it’s even more important to prepare during the first half of the year, when the risk is less prevalent and you have quiet time to develop a thoughtful plan that truly protects the data of the company and the consumer.
This holiday shopping season will either highlight your preparedness or your deficiencies. As we dive into the most active season for cyberthreats, be ready to respond, do so with authority, and protect your organization and the high-value assets – your consumers. Honesty and transparency, both inside and outside the organization, create a culture of support and loyalty, so don’t forget to appreciate the team that holds the keys to protecting your kingdom and ensure they know their value.