Cybersecurity official Anne Neuberger has implored American businesses to actively prepare for a seasonal surge in cybercrime.
In a statement issued through the White House on Thursday, the deputy assistant to the president and deputy national security advisor for cyber and emerging technology explained why threat actors like to time their attacks with the holidays.
“Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions,” said Neuberger.
She added: “Beyond the holidays, though, we’ve experienced numerous recent events that highlight the strategic risks we all face because of the fragility of digital infrastructure and the ever-present threat of those who would use it for malicious purposes.”
Neuberger warned that some IT systems may already have been compromised by cyber-criminals whose strategy is to break in then lie in wait for the optimal moment to attack.
Along with the warning, Neuberger listed specific steps that leaders can take to reduce the risk to their organizations through the holidays and into the New Year.
The first of these steps was to make sure all known vulnerabilities are patched so that criminals cannot exploit them.
Leaders were also encouraged to enable logs and to pay attention to what was going on in their network so that they could quickly spot and investigate any suspicious activity.
To block attacks that rely on stolen credentials, Neuberger said employees should be asked to update their passwords before the holidays with new picks that are adequately long and complex to provide a good level of protection.
Key data should be backed up and stored offline, and multi-factor authentication should be implemented and required by all users without exceptions.
Neuberger also urged leaders to put a plan in place for what to do in the event of an attack, and to ensure that their IT and security teams have sufficient holiday coverage.
“The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest. Unfortunately, malicious cyber-actors are not taking a holiday – and they can ruin ours if we’re not prepared and protected,” said Neuberger.