It’s the most vulnerable time of the year

With the holiday season upon us, it can be all too easy to get swept up in the festivities. As soon as the Halloween hangover starts to finally wear off, you’re already preparing for Thanksgiving, and then it’s Black Friday and Cyber Monday and then there’s Christmas lights and menorahs everywhere and you’re buying presents and plane tickets and… deep breath… calm down… put some Frankie Goes to Hollywood on and just relax. We need to remember that the holidays can actually be a pretty dangerous period for cybersecurity. To riff off Andy Williams, it’s the most vulnerable time of the year.

The Cybersecurity and Infrastructure Security Agency (CISA) recently warned the public of malicious cyber campaigns where bad actors attempt to send emails and e-cards with malware infected links or attachments. A main driver for risk during the holiday season is the spike in online shopping. These days, more and more people are opting to skip the chaos of Black Friday for the safety and comfort of Cyber Monday. While many are worrying about trusting online companies to deliver their gifts on time, a growing number of customers are also worrying about trusting companies to safeguard their personal information.

With over 1,244 million recorded data breaches in 2018 in the United States alone, and more than 446.5 million records becoming exposed, consumers have a right to be concerned. Deloitte recently found that 56% of shoppers feel little to no control over their consumer data and 79% of shoppers are concerned about shopping at retailers with either multiple data breaches or data breaches within the last year.

For those of us managing security operations, this season of heightened risk requires heightened alertness. Not only do more people shop online, but they’re using even more devices than ever to do so. The proliferation of connected devices has led to more vulnerabilities, making our jobs that much more difficult. Fortunately, there are new solutions as well. One trending response has been the adoption of Security Orchestration, Automation and Response (SOAR) platforms as a new category of security tools.

Threat intelligence management

Batman and the Joker, Neo and Agent Smith, stormtroopers and trees – rule number one of dealing with any threat is to know your enemy. Threat intelligence is the knowledge of a threat’s capabilities, infrastructure, motives, goals, and resources. It allows you to identify and contextualize bad actors, and it’s the first requirement for a safe and effective cyber security defense.

SOAR platforms build upon traditional threat intelligence platforms (TIPs) by taking vulnerability and threat data from multiple sources and then enriching that data with threat intelligence. In other words, they aggregate and validate data from a wider range of sources, and then more efficiently integrate it into an intelligence management system. Businesses are striving to keep up with the current threat landscape with a lack of resources, skills and budgets, and an abundance of tedious manual processes. SOAR solutions are improving the efficiency and quality of work for security operations.

Information is useless unless it can be put to action – it just becomes noise. SOAR sifts through the racket to identify attackers’ tactics, techniques and procedures (TTPs), as well as indicators of compromise (IOCs). With proper management of the information, security analysts are better equipped to contextualize incidents, make more well-informed decisions, and accelerate incident response.

The retail industry frequently suffers from vulnerabilities and gaps in coverage. Centralizing threat intelligence and correlating IOCs with your organization’s Priority Intelligence Requirements (PIRs) is crucial for analyzing and responding to the most pertinent vulnerabilities.

Reporting

There’s a reason people use GUIs instead of text-based interfaces – being able to view information in a more practical and organic way facilitates its usage. Filtering raw data into a more manageable form allows it to be more appropriately aggregated and understood. Like Cypher, you might be able to just see the code, but why would you want to? Analysts’ time is better spent letting the platform do the work for them.

A good SOAR platform presents the data in an easily visualizable manner, allowing security analysts to gain a better understanding of the threats their organizations face. If a retailer invests in curating a cohesive aesthetic for their Instagram profile and followers, shouldn’t they also make sure their security dashboards are just as easy to follow and share with stakeholders? The best platforms have flexible and dynamic dashboarding capabilities, allowing SOC departments to tailor it to their own needs.

What’s more, this aids users by allowing them to tailor it to the needs of others as well. Many in the security industry have long faced the issue of how to illustrate the value that they provide in a concrete way – it can be difficult to explain to others that are less tech savvy what exactly we do. Fortunately, with access to ROI data, tracking, and custom metrics, that value can be made a bit more tactile and apparent. The more effectively we communicate our value, the better it will ultimately be for both our security teams and the companies we work within.

Incident management

There are days where being in cybersecurity operations feels like a warzone. Bombs are going off all around you, tickets are flying in non-stop, and it’s all you can do to triage as much as you can while trying to keep up. By the end of the day, you and your team are overworked, stressed, and burnt out. Security teams are regularly tasked with fixing all things, all the time, 24/7, without the tools or resources necessary to do so.

An effective SOAR platform helps to deal with this by orchestrating and automating responses. Analysts can employ their knowledge through “playbooks” to automate redundant, tedious, stressful tasks. By working at a higher level, analysts can translate their experience and knowledge into more effective processes and smooth over their workflow. Instead of having to deal with everything on a case-by-case basis, they can leverage their understanding of the relevant threats and indicators to create a steadier day-to-day flow.

The point here is to put the analyst in the captain’s seat, think more Picard, less Data. Just write the playbook and set it on its path – you’ll be humming “Make it So” just in time for the holidays. And if you’re worried about missing critical information while your “Out of Office” message is set, a platform with capabilities to provide instant updates is critical. Team-based notification systems can allow teams to stay in touch even when half the office is taking a “work from home” day after the annual holiday party.

Holiday cybersecurity risks

Security breaches are not only costly for the company’s profits, they are costly for the brand’s reputation. With the holidays approaching, cyber analysts face their most hectic time of the year. Bad actors are seeing green, and the sheer increase in activity will be sure to lead to a concomitant increase in work for cyber analysts. We need to make the best use of our resources to not only relieve security analysts of unnecessary stress, but to arm them with the most efficient way to deal with threats.

The holidays are going to be stressful enough – venturing out of the house in the cold, finding the right presents, helping grandma with her IT problems even though you’re on vacation from your IT job. Why not take some of the edge away by destressing our professional life and let technology lend a helping hand?

Let this National Computer Security Day not only serve as a reminder of the data you need to protect, but as inspiration for your holiday wish list when searching for new software and platforms now available to help keep privacy protected.