The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a new cybersecurity advisory to highlight precautions and mitigation steps that public and private sector organizations can take to reduce their risk to ransomware and other cyber attacks, specifically leading up to holidays and weekends.
This advisory is based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting.
Cyber experts weighed in on the advisory and what organizations can do to prepare.
Tim Wade, Technical Director, CTO Team at Vectra, a San Jose, Calif.-based AI cybersecurity company:
"With fewer staff plugged in over a long weekend, the risk of accidental discovery to an adversary is likely going to be diminished particularly among organizations that have an overreliance on preventative security and haven’t fully funded operational security activities that detect and hunt malicious behaviors."
Bill O’Neill, Vice President of Public Sector at ThycoticCentrify, a Washington D.C. based provider of cloud identity security solutions:
"Regrettably, it’s quite common that these attacks happen during the holidays because foreign malicious actors typically perceive that IT and security teams at a target organization are either out-of-office or significantly pared down. This often leads to a delayed response or an unprepped ‘skeleton crew’ that simply doesn’t have the resources to simultaneously monitor for and deter threats fast enough. Because most organizations would prefer to have their data released immediately, rather than wait out the duration of a holiday weekend (and incur continued reputational damage), they’re also more likely to negotiate with attackers and pay out the requested ransom to minimize long term risks associated with these attacks."
Hank Schless, Senior Manager, Security Solutions at Lookout