When school is out for summer, it seems like everyone is on vacation – everyone except your (un)friendly neighborhood cybercriminals.
Something about the summer months puts us off our guard and threat actors on high alert. The only way to stay safe is to know what’s causing the trouble in the first place. We’ve packed our sunscreen – now read on to find out how to make sure your security also doesn’t get burned.
Summer Cybersecurity Weaknesses to Look Out For
- Holidays mean lower staff counts | Summer is the time for family vacations, trips abroad, and lower rates of qualified cybersecurity personnel on duty. Additionally, temporary staff may also not have had the same security awareness training and therefore be more susceptible to phishing emails, insecure file transfers, and other unsafe practices. Threat actors can take advantage of this natural deficiency, leading to potentially increased risks of phishing and lower response times on urgent alerts. Together, this make for a bad combination.
- Servers can’t beat the heat | Everyone knows that a hot server is a slow server. An overheated server can severely malfunction or even crash, leaving companies not only potentially incapacitated, but also vulnerable. As heat waves are increasingly taking down data centers, the potential cybersecurity risks such incidents pose is becoming clear. Hastily bringing a server back online could actually compound the problem, accidentally opening more avenues of attack by failing to take the proper precautions and set it up right. And, if companies reduce operations to prevent servers from getting too hot, such measures may have unintended consequences of increasing risk to the enterprise.
- Vacation means poolside public WiFi | Just because remote work allows you to work from anywhere doesn’t mean it’s safe to connect everywhere. Public WiFi is not the place to log in and check a quick work email – even for a minute. It only takes a moment for the right threat actor to infect your device with malware, snoop for confidential data, or hijack your session. It’s annoying when it happens to your Gmail account. It’s detrimental when it happens to your Microsoft Outlook work account. An attacker may scan sensitive information, download your contacts, and pivot to others within your organization. On top of that, vacation is a time when those who do find time to work are often distracted and may be more careless about what they’re opening. And the threats are out there: Business Email Compromise (BEC) resulted in $2.7 billion dollars in losses in 2022.
Protecting Your Organization All Year Long
No one wants to come back from a week off to find an IT disaster waiting for them. Here are some tips to stay safe:
- Vulnerability Scanning | Never fly blind when it comes to your network, especially when you’re out of the office. These scans can be scheduled and automated, making it easy to keep an eye on things, even with staff outages. These scans provide the foundation for any subsequent security efforts – you can’t fix what you can’t see.
- Pen Testing | Pen testing is great for making sure your systems are as good-to-go as you think they are. They can not only exploit and prioritize vulnerabilities but can also make you aware of misconfigurations – like if that server got back online too quickly and left the enterprise exposed. You don’t want to go on vacations with systems unpatched, and pen testing on a regular basis can help your team take on a proactive – not reactive – approach to security.
- Red Team Exercises | Make sure your security team is prepared by putting them to the test. Red teaming doesn't just assess defenses, it also helps train the blue team. Facing down real-world threat tactics goes beyond even the preparation of knowing what to patch. It tests their security nervous system, anticipates how well they will do under pressure, and seasons them so if the worst happens while the team is short-staffed everyone will still know what to do.
- Use a VPN | You never know where your adventures might lead, or how tempted you might be to fall for public WiFi when your data runs out in a strange city. For instance, the FBI has explicitly warned against cell-charging kiosks, stating that “Cybersecurity experts warn that bad actors can load malware onto public USB charging stations to maliciously access electronic devices while they are being charged.” It’s safer to make a habit of using a VPN – either for personal or work use – every time you log in. Cybercriminals are working when you’re not, and every in is a potential liability.
- Make social engineering tests a must | All a threat actor needs is one weak link. You can prepare team members with a phishing campaign that tests how they react to malicious emails they might encounter. This can help identify who is susceptible and in need of additional training on how to stay safe and spot suspicious activity. You never know who might be up late, checking emails in a hotel room while on vacation - off their guard and susceptible to click bait, ransomware-infested text links and other phishing emails.
The Best Defense is a Good Offense
Cybercriminals don’t sleep, and neither do we. The best defense is a good offense and Fortra’s Core Security has solutions to prepare your organization to stay sharp during the summer months and beyond.
Core Impact, Core Security’s flagship penetration testing tool, can integrate with top vulnerability scanners like Fortra VM to maximize the impact of both. Adversary simulations and red team operations can be run with the help of Cobalt Strike and Outflank Security Tooling (OST), two powerful red teaming solutions ideal for deploying sophisticated adversary simulations. Best of all, these solutions can be bundled together so you can cost effectively accelerate your offensive security strategy.
If we’re not careful, we can get burned by more than just the sun this summer. Secure your enterprise with Core Security’s lineup of offensive security solutions and enjoy your time off.