Preparing for cyber threats over the Fourth of July.
Jun 30, 2023

Threats aren't exactly born on the Fourth of July, but they observe it in their own way. Stay safe out there.

We’ve received several industry comments offering advice on how to stay safe over the Fourth of July weekend. Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, gave the following advice:

“Cybercriminals get to choose when and where they attack, but it's unlikely that a business’ internal cybersecurity team is equally ready and waiting to counterstrike at 2am over a long holiday weekend. While adversaries always seem to be a step ahead, CISOs must focus on actively monitoring key web applications. Proven to be a difficult, but necessary endeavor, application defects require priority alignment with development teams, and protection tools must comply with customer experience (CX) and governance requirements.

“For success, CISOs must look to implement best practices that both minimize CX mistakes and rapidly address them. This requires extensive testing with the organization’s application (not just a generic tool) and the services of a 24x7x365 end-user facing expert response team. So, where do you find these people, how do you afford them, and how long until they are executing with Capability Maturity Model Integration (CMMI) 3.0+ maturity? By applying the same rigorous tests to their security operations models as they do their software design, CISOs can be granted a head start. They must also build a compelling business case for an adequate security budget - while working to empower their security team to write code objects that manipulate the behavior of applications and eliminate threats and risks. Further, edge compute can introduce a range of benefits as well. At a time where tools on their own are not enough, it provides a genuine alternative to advocating with the development manager. Consider outsourcing to specialist teams, or even augmenting internal teams with AI and applying it to the tasks of risk elimination and threat containment.”

Be vigilant, but the threat isn’t confined to the holiday.

Max Vetter, VP of Cyber at Immersive Labs, commented: 

“Ramping up an organization’s defensive posture ahead of a holiday weekend like the Fourth of July is the wrong way to think about building cyber resilience, as attacks can occur at any moment and they are becoming more sophisticated. It’s much more effective to build a cybersecurity culture across the entire organization that sets the expectation that an attack could come at any moment - day or night, holiday weekend or not. Organizations can enhance their preparedness for cyber attacks by incorporating regular crisis exercising and real-life cyber simulations and labs, so that when a cyber threat does arise, business leaders know that their teams will respond effectively and rapidly because they’ve already practiced these scenarios.”

Vigilance is low, staffs reduced, people traveling.

Matt Fulmer, Cyber Intelligence Engineering Manager at Deep Instinct, stated:

“As proven with past holidays, cybercriminals understand that during these popular travel weekends, user vigilance is generally low, and cyber defense teams are more short-staffed than ever. In 2021, we saw Kaseya fall victim to a cyber attack during Independence Day weekend, and we can expect similar activity this year, especially with the rise of AI and other emerging technologies within enterprises.

“With such rapid technological expansion, IT and security professionals must be even more vigilant over holiday breaks. Organizations must prepare and change their mindset now to get ahead of potential threats. We can no longer make it easy for cybercriminals – especially during high travel time and holidays – to access critical infrastructure and sensitive data. Predictive, preventative security tools will deny cybercriminals access while alleviating cyber defense teams that should be enjoying their Independence Day celebrations.”

Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, said:

“A breach could occur within an organization at any given time - this is especially true when a security team is expected to be off the clock over a holiday weekend. As breaches are inevitable, organizations must be prepared with an incident response plan to avoid making bad decisions on the spot when they do occur. For example, the expectation for quick reporting can put an extra burden on security teams to get information out that won't necessarily help them find, isolate, or recover from an event efficiently. This can ultimately create a lack of transparency when reporting issues, with people fearing the loss of their jobs. Fortunately, having an incident response plan in place can help alleviate this pressure. With that said, departments across the industry must be made aware of this plan, in order to carry it out successfully. We’re also starting to see more emphasis on automation to prepare for security incidents. Tabletop exercises and automation tools that augment defenders’ capabilities will become key to accelerating a response.”

Holiday weekends are traditionally periods of increased threat.

(Added 6:30 PM ET, June 30th, 2023. Mark Ruchie, CISO at Entrust, thinks employees can benefit from some timely advice, and that organizations could look for key indicators of attacks.

“While cyber attacks can happen at any time, historically, holiday weekends can bring increased levels of threat for organizations. One way to prepare for these threats is to increase your training and awareness efforts around cybersecurity to encourage safe practices. For example, warn your employees about potential phishing threats that are related to or reference holidays, encourage them to go to sites directly rather than clicking links in emails, and use multifactor authentication whenever possible. 

“Although holidays can lead to increased threats, attacks can happen at any time so it’s important to ensure your cybersecurity foundations are strong and reliable year-round. Implementing a Zero Trust architecture, for example, will help you reduce the threat of cyberattacks by protecting data and resources through continuous monitoring and verification. 

“These strategies will allow you to protect your information and identify where vulnerabilities are - giving you valuable information that will help you adapt to new threats and risks before they become widespread issues, especially when short-staffed around holidays.”)

Some quick steps to take to prepare for a heightened holiday threat.

Peter Barker, Chief Product Officer, ForgeRock

"As we approach the July 4th holiday, organizations need to keep in mind that cybercriminals use holiday weekends like this as an opportunity to conduct sophisticated, targeted attacks. A new report found that unauthorized access is the leading cause of breaches for the fifth consecutive year. Instead of waiting for these attacks to happen, organizations need to closely monitor for unusual password activity and consider eliminating the use of passwords altogether. Not only are passwords a major security risk, they also hinder productivity and efficiency. Passwordless authentication replaces traditional passwords with more user-friendly, secure methods, ranging from biometrics, authenticator apps, and certificates. This holiday may mean downtime for you, but it doesn’t mean it will be for cybercriminals. It’s time we embrace a world where we never have to log in again."