Subscribe
  • Home
  • /
  • TechForum
  • /
  • Facing hard truths the first step to beating cyber crime over the holidays

Facing hard truths the first step to beating cyber crime over the holidays

Issued by AVeS Cyber Security
Johannesburg, 14 Dec 2022

As companies start to gear down for the holidays, so begins the busiest time of year for cyber criminals. Networks and company systems are typically watched with less scrutiny by skeleton crews, making it a prime time for hackers to ramp up spam, phishing, ransomware and malware attacks. Employees can also be distracted or in a rush to finish tasks as the business prepares to shut down, so they may let their guard down, miss signs of a cyber attack, practise poor cyber safety or get duped through social engineering.

A report in December 2021 showed that ransomware attacks increase by 30% on average across the world during the holiday season, while attempted ransomware attacks grow by 70% in November and December.(1) Phishing attacks also increase dramatically, with statistics in 2021 showing an increase of 150%, as e-mail communication around festive season offers flood inboxes.(2)

With companies’ security postures directly linked to the possibilities of attack, businesses should know the cold hard truth about their cyber security health ahead of the festive season. A vulnerability audit is the starting point for any business that has no view of its security posture.

Vulnerability assessments reveal how organisations’ people, networks, endpoints and web applications could give attackers unintentional access to confidential company data based on how they have been designed and managed.

Performing regular network vulnerability assessments is the best way to mitigate cyber risks, identify network issues and fix vulnerable areas before any malicious unauthorised actions can happen.

For most businesses, a vulnerability audit is an eye-opener, especially for those that believe they’ve got their cyber security sorted. Companies often apply what they can afford to the areas of the infrastructure they believe to be most important, but this approach is costly and not always effective, especially when solutions are badly configured, left unmonitored or out of date.

One study revealed that 84% of companies have high-risk vulnerabilities on their external networks, but that half of these could be removed simply by installing updates.(3)

“It’s impossible to protect what you don’t know needs protecting. Unfortunately, a lot of businesses have no idea where or how they are vulnerable. As threats and threat actors are constantly evolving, vulnerabilities are always shifting, making it prudent for businesses to have cyber security health checks regularly, and before periods when cyber crime is known to increase,” says Charl Ueckermann, Group CEO, AVeS Cyber Security.

Knowing where gaps and vulnerabilities lie is the only way of ensuring that cyber security is beefed up adequately to address them. Patchwork efforts to close security gaps reactively are hardly ever effective, according to Ueckermann.

Additionally, the cost of protecting systems and data against cyber threats can rocket when investments in security technologies aren’t planned and don’t consider the company’s specific risks. At the heart of keeping company networks safe and security costs as low as possible is choosing the right tools for the job, configuring them properly and monitoring them.

“Regular cyber security health checks will pinpoint the most critical operational risks and unique security challenges before attackers exploit their weak links. Until then, it’s all just a shot in the dark.

“With advanced and diverse methods of attack, the overall security posture of network systems, endpoint systems, e-mail users and web applications should be evaluated on a regular basis. An e-mail security scan is just not going to cut it, especially if the software is not updated or if there are loopholes elsewhere.

AVeS Cyber Security urges South African companies to get ahead of cyber criminals this festive season by getting cyber health checks done on their systems. The company is offering affordable festive packages to help companies get equipped for a cyber safe festive season. The packages are focused on equipping businesses to understand where their vulnerabilities are.

“Don’t be scared to discover the loopholes in your organisation’s security architecture and cyber security awareness weak points. Know where you stand so that you know where to begin to protect systems, employees and customers,” concludes Ueckermann.

AVeS Cyber Security’s festive packages include:

  • Internal vulnerability scan – scans the internal network for any vulnerabilities on endpoints as well as at network level.
  • Security health check – reviews the technical configuration of an implemented technology such as endpoint protection or firewall configuration and reports on security risks.
  • Five-day technical risk posture assessment – reviews the technical configuration of all implemented technologies and provides a holistic overview of security gaps within the entire estate.
  • External WebApp scan – scans the external public facing platforms and provides a report on all detected vulnerabilities.
  • Five-hour remote bundle support – remote support bundle to use for technical support.
  • Ten-hour remote bundle support – remote support bundle to use for technical support.
  • Fifty percent off 90-minute live, interactive, instructor-led cyber awareness webinar – in-person or online live, interactive, cyber security awareness training.
  • Twenty percent off fully managed GoldPhish cyber awareness training platform – 12-month access to the innovate, interactive, web-based cyber security awareness training and simulated phishing platform.
  • Managed cloud backup for M365 – fully managed cloud backups for Office 365 data with no infrastructure investment.
  • CIS-based assessment for Azure – deep dive into Azure Environments’ security with a CIS-based assessment, documented findings with recommendations and a remediation roadmap.
  • CIS-based assessment for M365 – application-driven assessment and findings of M365 tenant security configuration. Includes aligning the findings into priority groups and creating a CIS-based report.
  • Online five-day information security assessment based on ISO 27001 – comprehensive maturity assessment of information security, cyber security and privacy based on an international information security standard.
  • Online five-day POPI Act assessment – comprehensive assessment of the company’s related practices and activities in alignment with the requirements of POPIA.
  • Online two-day I&T governance and management masterclass based on COBIT 2019 – learn what and how to align your IT’s objectives, practices and activities to the requirement of the business.
  • Online two-day information security masterclass based on ISO 27001 – learn about the international requirements and implementation guidelines for information security, cyber security and privacy. Covering the protection against confidentiality, integrity and availability.

(1) https://darktrace.com/newsroom/darktrace-reports-30-more-ransomware-attacks-targeting-organizations-during-the-holiday-period-e

(2) https://www.akamai.com/blog/security/phishing-holiday-season-attacks-on-the-rise

(3) https://www.ptsecurity.com/ww-en/analytics/vulnerabilities-corporate-networks-2020/

Share