August is many clients’ preferred time of year to take some time off. This usually means that a lot companies experience a reduction in demand for their products and services, with the obvious exception of companies in the tourism or hotel industries. As a result, organizations adjust their activity to adapt to this lower demand.
These changes in a company’s activity can lead them down two dangerous paths in terms of cybersecurity: the erroneous belief that cyberattacks will let up in the summer months, and a lowering of their guard, either due to this belief, or as a direct result of the reduced activity. Both are mistakes that can have very serious consequences.
August is a busy month for cyberattacks
According to the data compiled in hackmageddon.com’s timeline of attacks, in August last year, 89 high impact cyberattacks were registered. This means that August was the third busiest month for cyberattacks in 2017. Of these attacks, 78% were cybercrime and 10% were cyber espionage.
Among the most notable attacks were the attempts of one Nigerian cybercriminal to infect, defraud, and steal data from 4,000 organizations, including financial, industrial, oil, and infrastructure companies.
In another incident, an attack that had made headlines around the world a few months earlier came back to threaten some companies in August: WannaCry forced electronics manufacturer LG to shut down part of its systems in South Korea for two days in order to prevent the further spread of the attack.
Finally, it’s also worth mentioning that a cyberattacker from the collective Anonymous managed to access confidential data belonging to a company that manages appointment bookings for the UK’s National Health Service. The attacker gained access to the data of 1.2 million British patients. While the company was quick to highlight that at no point did the attacker have access to patients’ medical history, they did obtain data such as contact names, phone numbers, and email addresses.
As for this year, the data for July isn’t yet available. However, Hackmageddon points out that during the first half of this year, every month has seen more attacks than in 2017. This trend suggests that these weeks will also see a high number of attacks.
Never let your guard down
None of the most wanted cybercriminals’ most dangerous attacks came with an advance warning. What’s more, given that these statistics show that cyberattacks don’t let up either in number or intensity over the summer, a company’s cybersecurity measures should be as strong as they are every other month of the year.
In the summer it is vital to maintain vigilance in order to have complete control over authentication, identity management and encryption. Following the Zero Trust model — not trusting anything or anyone — is the best strategy for the company. It’s also vital to prioritize the defense of critical assets. Cybercriminals will try to get the highest revenue possible during this period, since people tend to be more relaxed. This means that it’s essential to evaluate the risk posed by each system and application, and focus efforts on protecting the basic elements that are needed for the company’s day-to-day running.
It’s also important to remind employees of the importance of staying vigilant over the summer, especially if they access company files from their holiday destination, or from public areas like airports and train stations. Connecting to public WiFi could put the security of your company’s information at risk. This is why it’s so important to provide a VPN that employees can use to access the Internet with total security.
As well as protecting access to information, we mustn’t forget to make backups and provide proper protection for them. The information contained in these backups is vital, so appropriate security measures must be applied to them. Should an incident occur, these backups have to be used. As such, only people who absolutely need them should be able to access them, and the passwords to get into them should be strong.
Finally, in order to maintain a suitable level of security over the summer, it’s vital to have in place advanced cybersecurity solutions like Panda Adaptive Defense 360. Companies need to opt for detection, prevention and response solutions with functionality and full expert support 24 hours a day, 365 days a year. Having this kind of solution and following the above recommendations are the best way to protect your company from cyberattackers that, as the statistics show, don’t take holidays.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
