December 20, 2022
Threat Intel Report | December 2022

We have used the Threat Intel Report throughout the year to touch on security posture. Security posture encompasses many areas, including policies, procedures, and controls that make our organizations more secure. But it also comes down to our people and teams—not just their knowledge and skills, but also team members’ well-being and mindset.

This month’s issue is available without a subscription!
We’re finishing out 2022 with an abbreviated issue published completely online below. We will be back in January with a full issue. Subscribe now, so you don’t miss it!

Many organizations run a light security crew during the holidays, giving team members time to celebrate and relax. According to a new report by Cybereason, 44% of surveyed organizations operate with a skeleton crew of less than 33% of their usual security staff on holidays.

Threat actors know that organizations tend to be short-staffed this time of year—a Darktrace study found that ransomware attack attempts tend to rise 30% during the holiday season. Recognizing that threat actors often use holidays to launch impactful attacks, CISA has published recommendations for critical infrastructure to stay vigilant during the holiday season.

Organizations would do well to consider the well-being of the security team members who remain on hand to defend against threats during the holidays. These employees are dealing with potentially more attacks during a season when documented rates of depression and stress increase. Employees may be dealing with the disappointment of being unable to join family and friends, the first holiday season after losing a loved one, financial pressures associated with gift-giving, the stress associated with family get-togethers, travel, loneliness, or other pressures.

These stresses can carry over to the workplace, or employees can simply slip into holiday mode. Highlighting what the impact of holiday mode can mean, a previous Cybereason study found that 70% of security professionals admitted to having been intoxicated while responding to a ransomware attack on a weekend or holiday.

With the combination of increased cyber attacks, short-staffed teams, and holiday stresses on top of general burnout brought about by the cyber skills shortage, it may be difficult for team members holding down the fort to keep a “default suspicious” mindset of thinking like an attacker.

There are ways to help our team members maintain constant vigilance. Let team members know they are not alone during the holidays by checking on them or sending them a surprise gift. Consider relieving a team member for an hour to eat dinner with the family or deliver a gift to a loved one. No matter how you support team members during the season, attention to their well-being is important to maintaining an active defense and sustaining an organization’s overall security posture.

Need help maintaining or improving your security posture? Converge Cybersecurity offers technology solutions and advisory services in the areas of advanced testing, incident response, architecture and integration, strategic staffing, and managed security.

 

Subscribe now and you will also receive access to past issues!

About the Author
CBI, A Converge Company
Threat Intel Group
The Threat Intel Group (TIG) is a critical component of CBI’s Managed Security Services. The TIG’s dedicated team of threat hunters summarize and interpret today’s threats to improve your security posture at scale. Combining globally recognized security methodologies, data and automation with high-level analysis, CBI’s Threat Intel Group provides powerful insights to enhance your organization's security decision-making process. All information is actionable and provides strategic, tactical and operational threat intelligence to raise stakeholders' awareness and embolden proactiveness.
I Need To...