 Channel Futures

Security



Cybersecurity Pros Bracing for Possible Holiday Cyber Event

  • Written by Edward Gately
  • December 20, 2022
Many organizations remain unprepared to handle a ransomware attack on a holiday or weekend.

Is a major cyber event about to occur, creating a holiday season nightmare for cyber defenders?

Last year, it was exploitation of the Log4j vulnerability; the year before, it was the SolarWinds supply chain attack. These cyber events had cybersecurity professionals scrambling throughout the holidays, and the impacts lasted well into the following year.

According to Cybereason research, many organizations remain unprepared to handle a ransomware attack on a holiday or weekend, as they continue to operate with a skeleton crew at these times. It’s no surprise that security operations center (SOC) teams operate so lean on holidays and weekends. That’s because security professionals are experiencing record levels of burnout compounded by a protracted global talent shortage and relentless adversaries.

Next Big Cyber Event ‘Never Far from Our Minds’

Michael DeBolt is chief intelligence officer at Intel 471. He said for those defending against cyber threats in the trenches every day, the eventual discovery of a large-scale cyber event or serious widespread security issue is “never far from our minds, regardless of the season.”

“Being vigilant and prepared are key requirements for a cybersecurity analyst or threat intelligence professional responsible for protecting their organization,” he said. “Unfortunately, the daily grind and constant pressure not to miss something can take a heavy toll on the individual and the organization if left unchecked. Under stress, important tasks and security controls that are otherwise trivial can be inadvertently missed.”

Reconciling this tension first requires accepting that a critical cyber event can happen, DeBolt said. It’s not a matter of if, but when.

“With this backdrop, the key is to be prepared,” he said. “Build confidence in your security and risk posture so you are positioned to resolve critical events quickly with minimal impact. Nothing is 100% preventable. But prior planning that addresses internal weaknesses and external threats illuminates key risk areas and fine-tunes your immediate action plan should an unforeseen critical event occur. Having a solid understanding of your environment will enable you to triage a quick and accurate assessment of whether the threat actually poses a real and present risk to your organization.”

Automation Can Help

John Bambenek is principal threat hunter at Netenrich. He said critical business assets continue to exist outside working hours, but the humans to protect them have families and want time off.

“You either have to highly incentivize people to work or they’ll be at home and it’s hard to justify the cost,” he said. “Even in a breach, it’s hard to bring people back. The less resourced a security team is, the harder it becomes for holidays because the money isn’t there for holiday pay or outsourcing. Automation can help. If there are defenses that thwart attacks as they occur, some measure of protection exists. Multinationals can prioritize security staff in places where different holidays are celebrated so constant coverage is available. Ultimately this remains a resilience problem.”

Every security program needs to start with business continuity and disaster recovery, knowing that most attackers do not share the time zone of their victims, Bambenek said. Having procedures in place that allow remote workers to restore critical business functions is key.

Plans Should Already Be In Place

Mike Parkin is senior technical engineer at Vulcan Cyber.

“This time of year can be a challenge in general,” he said. “How IT departments are preparing can vary wildly from organization to organization, with some doing a much better job than others. Hopefully, the majority have already made their preparations and have the appropriate plans in place. This close to the holidays, organizations should already have their schedules set so they know what personnel resources are available and their contingency plans in place. The last round of patches and mitigations should be done. And finally, the reminders to staff to be aware of social engineering efforts and phishing attacks should be out, with another round ready to go right before everyone leaves on break.”

Cybersecurity professionals are dealing with environments that are “active” 8 a.m. to 5 p.m., but are under threat around the clock, Parkin said.

“Even with limited resources, proper planning and solid communication can soften the blow when an attack comes outside the organization’s normal business hours,” he said. “Automation and well-designed playbooks combined with a solid risk management program can serve as a force multiplier for a limited staff until the full team can react.”

Ensuring On-Call Coverage

Melissa Bischoping is director of endpoint security research at Tanium.

“So how has my experience with SolarWinds and Log4j better prepared me to brace for a cybersecurity incident of equal or greater magnitude this time of year?” she said. “Ensuring that there’s adequate staffing coverage and communication plans is a huge part of preparation. It’s not uncommon to hear those in the industry say that holidays and weekends are the most likely time to get a call for a major event. So ensuring that you’ve got the right on-call coverage where needed, and you’re balancing that with providing time to recover and prevent burnout is essential.”

After every cyber event, conducting after-action reviews to document lessons learned and implementing those improvements is an essential part of the lifecycle, Bischoping said.

“Don’t forget to do this,” she said. “There is always room to improve your process or identify where you could close gaps in capability or visibility.”
