Q&A: What is the cybersecurity impact of employee time off?
This article was written by David Sygula of CybelAngel and originally published on ITProPortal.com.
Annual leave, another security challenge that cybercriminals take advantage of.
What are the challenges around staff taking annual leave? How is this impacting businesses?
Part of any business plan has to account for employees taking time off work. This has particular significance for those involved with monitoring company security systems. Recent events have shown us the devastation that can occur when criminals target organizations at their weakest moments. The supply chain attack on Kaseya this month coincided with the US celebrations over the 4th of July weekend. Whilst employees were off duty, threat actors went to work.
The attack was well-timed. It was no coincidence that hackers seized the opportunity to strike knowing full well that many businesses would already be stretched to accommodate employees heading off for the long weekend. Major cyberattacks often take place out of normal working hours, over weekends or around national holidays as criminals know that businesses will not be at full capacity. With security teams down to limited numbers, hackers are more likely to get further in their attack before their activity is detected.
The challenges of limited resources are not confined to security teams. PR teams which play a vital role in communicating events to stakeholders are also likely to be running under normal capacity during holidays or out of hours. Without a doubt, scheduled time off can leave organizations more vulnerable to malicious assaults and strategies have to be put in place to mitigate these risks.