According to Radware, there are two types of dates that hackers target: ideological and business-relevant dates. Ideological dates refer to holidays and anniversaries that have a cultural, religious or secular tie to the adversary. High-risks times for the United States include September 11th, Memorial Day, Election Day and Independence Day. Business-relevant dates involve a period of time that companies are particularly vulnerable to attacks, such as Black Friday, Cyber Monday, or even regular business hours.
Additionally, hackers commonly use important dates and holidays to disrupt specific industries. For example, retail and credit card companies see a significant rise in cyber attacks between Thanksgiving and Christmas, whereas government websites may be targeted during Election or Independence Days.
“Timing is an extremely influential risk-factor for cyber attacks throughout the year,” said Carl Herberger, vice president of security solutions for Radware. “Hackers capitalize on overwhelming their target’s environment on days of great importance and look to exploit vulnerabilities that cause the most detriment. Because these types of assaults show no signs of slowing, it’s crucial that businesses implement anticipatory security measures in preparation of these peak times so that networks and data centers are able to properly detect and defend against sophisticated threats.”
There are five immediate steps that network administrators and security professionals can take to defend and prepare their networks during these at-risk times of the year:
Identify high-risk dates: Businesses should recognize which times of the year present excessive levels of risk and develop strategic plans to mitigate issues in the event of a cyber attack.
Conduct seasonal risk assessments: Once these dates are acknowledged, Radware recommends conducting a detailed risk assessment. Aside from classifying top dates for cyber attacks, companies should also highlight seasons for increased web traffic and periods for increased vulnerability that have presented an issue in the past or have the potential to be problematic. Through this assessment, a strategic security plan can then be developed.
Review network security technology: Companies are also advised to plan ahead of seasonal risk by ensuring the network is properly and reliably protected by a leading network security solution. Because it could take up to six months to prepare in advance of high-risk dates, it is important for IT organizations to plan for at-risk periods ahead of time.
Run attack scenarios: In order to ensure that security solutions are functioning at full capacity, Radware suggests running network simulations using both common and emerging cyber attacks approaches. By analyzing potential methods of infiltration and denial-of-service (DoS) disruptions, network administrators will be able to detect flaws and repair the system before the high-risk season commences.
Educate employees: Employees are often the weakest links in an organization’s cyber security plan. Ensure that all staff members are fully aware of the latest tricks and scams that hackers are utilizing to infiltrate networks by providing training and ongoing education on organizational cyber security policies and procedures.
By implementing these best practices, businesses can prepare and fortify their networks against heightened times of risk. Regardless of these hypersensitive periods, businesses should employ reliable security solutions to protect their networks year-round.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.