Attackers seem to target enterprises more on important dates and holidays. How can enterprises adjust their defenses to account for expected heightened risks on certain dates?
While many attacks may seem to target enterprises on important dates and holidays, it is probably a coincidence. However, a number of criminal groups and activists do target organizations on dates or anniversaries that are significant to the attackers. For instance, rumors of widespread cyberattacks on Sept. 11 last year circulated long before that date (fortunately, they proved erroneous), and various online retailers have been hit by distributed denial-of-service attacks during the annual holiday shopping season, particularly on Cyber Monday.
Hackers plan attacks on particular dates for many different reasons. Perhaps the most plausible reason is that they expect fewer enterprise staff to be on hand on a specific date. Surely an enterprise could adjust its defenses to account for expected heightened risks on certain days, but knowing exactly which dates to do this for would be difficult.
In my opinion, there are many dates in the Western world that warrant heightened awareness of attack, such as New Year's Eve, Christmas Day, Christmas Eve, Halloween, major government holidays and so on. Other important dates are country-specific; for example, April 15 might be an important day for the U.S. to be on high alert. Other cultures and countries have their own important holidays, such as Chinese New Year, Ramadan and Yom Kippur. Large events -- such as the 1999-2000 transition and the Y2K effect -- can also be cause for concern.
If your enterprise has security intelligence from a vendor, partner or even the news media that a particular hacker activity or attack is likely on a specific date using specific methods, it would be prudent to implement a security control to minimize the risk. If a known criminal group rallies on a particular day -- like Guy Fawkes Day for Anonymous -- and uses certain known attack methods, implementing specific controls to manage that risk is vital. Similarly, if certain days or annual activities are of heightened importance for your organization, assume your adversaries know that as well and consider additional security controls during those times. It is always wise, though, to base such decisions on a thorough risk assessment and to measure that risk against your organization's risk tolerance.
While an enterprise could simply disconnect itself from the Internet and certain networks, or take other drastic measures on these particular days, doing so could cause extreme hardship for e-commerce and other businesses. Turning off unnecessary services or applications might be another option, but that raises the question: Why not just turn those applications off, or severely restrict access to them, in the first place?
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email! (All questions are anonymous.)