Skip to main content

Q&A: What is the cybersecurity impact of employee time off?

HP Wolf Security
(Image credit: HP)

What are the challenges around staff taking annual leave? How is this impacting businesses?    

Part of any business plan has to account for employees taking time off work. This has particular significance for those involved with monitoring company security systems. Recent events have shown us the devastation that can occur when criminals target organizations at their weakest moments. The supply chain attack on Kaseya this month coincided with the US celebrations over the 4th July weekend. Whilst employees were off duty, threat actors went to work.  

The attack was well-timed. It was no coincidence that hackers seized the opportunity to strike knowing full well that many businesses would already be stretched to accommodate employees heading off for the long weekend. Major cyberattacks often take place out of normal working hours, over weekends or around national holidays as criminals know that businesses will not be at full capacity. With security teams down to limited numbers, hackers are more likely to get further in their attack before their activity is detected.   

The challenges of limited resources are not confined to security teams. PR teams which play a vital role in communicating events to stakeholders are also likely to be running under normal capacity during holidays or out of hours. Without a doubt, scheduled time off can leave organizations more vulnerable to malicious assaults and strategies have to be put in place to mitigate these risks. 

Are attackers becoming more sophisticated in how and when they attack? 

Over the past 18 months, the huge changes to the way that employees work have significantly expanded the attack surface. The old definitions of a company’s perimeter have altered meaning it’s now far more porous, and with employees accessing the network from any number of remote locations at any time, it’s harder for teams to detect unusual activity.  

Attackers are becoming more sophisticated and changing tactics to match the shifts in working practices. Without the appropriate defenses, organizations could leave their networks open to cyberattacks as criminals scour the infrastructure for weaknesses.  

The attackers themselves range from inexperienced, individuals intent on causing disruption to organized criminal gangs and nation-state actors with malicious intent and a plethora of tools at their disposal. 

How can organizations prepare?   

It’s vital that companies have the correct security policies and plans in place to protect against attacks, all year round. Whilst it is impossible to be completely prepared for the unknown, there are three simple steps that businesses can follow to make sure annual leave doesn’t unravel the time and effort put into keeping the company secure. These steps are: prepare, drill and execute.  

With opportunities to travel slowly opening up again after the pandemic, more employees will be able to take much-needed holidays following the disruption of the last year. 

Cybercriminals are likely ready and waiting for this opportune moment to strike. A well thought out and comprehensive security strategy is therefore critical.  

Preparation is step number one with a comprehensive plan that includes responsibilities such as detection, action and communication. Teams need to be able to shift and pick up the slack if a member of their team is off work. This is fundamental for maintaining a high level of security as it means each role is not fixed to one person.  

In the same way that organizations often have fire drills, teams should practice responding to a potential cyber breach. This is a good way to test both the security and communication processes in the event of an incident and to identify any weak points.  It’s all about knowing who’s responsible for what, who needs to be contacted outside the business, and what the priority actions are.  

Finally, the plan should be viable all year round, taking into consideration the particular pressure points of holiday time. Teams need just as much manpower in the holiday seasons as they do in other months, so there cannot be any exceptions. Businesses cannot afford to wait for an attack to strike before responding. Instead, proactivity should be top priority. To avoid being a deer caught in headlights, companies need a strong and structured crisis plan to help guide teams through the incident.

How can organizations defend themselves?   

It is impossible to predict each and every attempt made by cybercriminals but teams can do their best to mitigate the fallout when one hits. This procedure should include details of what external security companies should be contacted and how to isolate the network to avoid lateral movement and further damage.  

Alongside this, organizations should carry out the basic practices for security hygiene on a regular basis. Often, major cyberattacks could have been mitigated, or even prevented, if more attention had been paid to the fundamentals of cybersecurity. For example, it has been revealed that there were warnings of security flaws at Kaseya dating back to 2017. The reported flaws included software underpinned by outdated code, weak encryption and passwords, and failing to follow basic security practices. Kaseya certainly wasn’t the first victim with gaps in its security, and unfortunately, it’s unlikely to be the last.  

Holidays are a time for relaxation and recuperation – the chance to take a break from the stresses of work. Simply following the three easy steps – prepare, drill and execute – will help businesses stay on top of security all year round.

David Sygula, senior cybersecurity analyst, CybelAngel

David is a senior cybersecurity analyst at CybelAngel. He has been in the IT industry for over 10 years. Exploring the Internet and unearthing sensitive data is part of his daily routine.