PHOTO
- And who doesn't like weekends and holidays? Cybercriminals are no exception, however they actually prefer to "work" during this time
Everyone loves a long weekend and public holidays, but these special dates also figure highly in the calendar of the cybercriminal. Once a cyberattack gains access to a corporate network, over a holiday it will have more time to spread, since the offices are empty, making it easier for them to go unnoticed. As we head into the holiday season, Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, issues a stark warning about the dangers of letting your cybersecurity guard down during your office down time.
The trend is nothing new. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have already warned of its dangers in the wake of large-scale attacks this year in the US. On July 4th, Independence Day, the cyberattack on Kaseya, an IT management software company for MSPs, suffered a massive attack that affected 1,000 companies, with victims identified in at least 17 countries.
The devastating cyberattack on Colonial Pipeline – which supplies around 45% of the fuel across the US East Coast was carried out over the Mother's Day weekend. As a result of this ransomware attack, it was forced to shut down its operations in order to deal with the threat. On the Friday before Memorial Day weekend, it was meat giant JBS that was forced to pay the equivalent of $11 million in Bitcoins as a ransom to remediate a cyberattack.
During a vacation period or over a weekend, companies often operate with a skeleton team, with fewer staff to be on the lookout for any type of incident. This makes it easier for cybercriminals to operate in several ways. On the one hand, it allows ransomware to be fully deployed before anyone notices and on the other, it causes more panic during response operations, especially if the victim's IT teams are not available to respond. This, in turn, could increase the chances of a ransom demand being paid.
"Long weekends create the perfect conditions for threat actors to cause maximum damage. You need to take into account the fact that, at this time, everything is ‘paralyzed’ so once criminals gain access to the network, there is far more time to extend the attack and reach a large number of computers, and their data. This is one of the reasons why it is essential to have a good cybersecurity prevention strategy and not wait until the damage is already done before you address the problem", explains Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East
Tips for protecting a company from cyber-attacks
- Prevention strategy: in the times we live in, it is essential to have a proactive cybersecurity strategy to prevent data theft and cybersecurity problems. Unlike a reactive strategy, these methods are aimed at monitoring indicators of attack (IoA) and address all processes, technology, systems and people, with a focus on preparing for an attack, not waiting for it to happen.
- Zero Trust Strategy: according to Check Point Software's latest Threat Intelligence Report, 84% of malicious files in the UAE were sent by email. This is why, across the industry, security professionals are moving to a zero trust security mindset: no device, user, workflow or system should be trusted by default, regardless of the location from which it operates, either inside or outside the security perimeter. Applying these principles allows a "Deny by Default" security posture to be adopted where systems are hardened and isolated until a level of trust is established bringing the highest level of protection to a system.
- Protect mobile devices: data mobility is one of the main points to take into account when establishing a cybersecurity strategy. In the current paradigm, in which hybrid working has been adopted in most companies, there is a multi-device situation with many not having the appropriate security measures in place. These businesses are becoming the focus of many malicious campaigns by cybercriminals and so it is key to equip all devices with protective measures against any cyberattack. Check Point Harmony Mobile provides real-time threat intelligence and visibility into threats that could affect businesses, protecting them against any type of attack targeting mobile devices.
- Cybersecurity training: too often one of the main entry points for a cyberattack is an employee's email or device, which is why this is one of the weakest links in any company: the lack of training for its members. It is paramount to train company members so that they are able to identify and avoid possible attacks. A social engineering message encouraging the user to click on a malicious link is enough. Education is often considered one of the most important defenses that can be deployed.
-Ends-
Follow Check Point on:
Twitter: https://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: https://blog.checkpoint.com
YouTube: https://www.youtube.com/user/CPGlobal
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. ( www.checkpoint.com ) is a leading provider of cyber security solutions for enterprises and governments worldwide. Check Point Infinity portfolio solutions protect customers against 5th generation cyber attacks with industry-leading catch rates of malware, ransomware and other threats. Infinity rests on three core pillars that provide uncompromised security and Generation V threat defense in enterprise environments: Check Point Harmony for remote users; Check Point CloudGuard for automated cloud protection; Check Point Quantum for network perimeter and data center protection – all driven by the industry's most comprehensive and intuitive unified security management. Check Point protects more than 100,000 businesses of all sizes around the world.
© Press Release 2021
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.