{"id":6709,"date":"2024-12-20T08:38:07","date_gmt":"2024-12-20T14:38:07","guid":{"rendered":"https:\/\/www.darkreading.com\/cybersecurity-operations\/managing-threats-when-security-on-vacation"},"modified":"2024-12-20T08:38:07","modified_gmt":"2024-12-20T14:38:07","slug":"managing-threats-when-most-of-the-security-team-is-out-of-the-office","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/12\/20\/managing-threats-when-most-of-the-security-team-is-out-of-the-office\/","title":{"rendered":"Managing Threats When Most of the Security Team Is Out of the Office"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Experienced security leaders know that attackers are patient. <\/span><\/p>\n

Attackers can infiltrate corporate chat systems like Slack or Microsoft Teams and just … watch. For months, they monitor conversations, learn who the experienced staff are, and take notes on upcoming vacation plans and each team member’s communication style. Then when the company shifts to a skeleton crew \u2014 perhaps during a major holiday or summer break \u2014 they strike.<\/span><\/p>\n

For one organization, this silent reconnaissance had devastating results, says Ed Skoudis, president of the SANS Institute and founder of Counter Hack. An attacker posed as a trusted colleague in a chat channel and tricked a junior employee into making critical configuration changes while many team members were on vacation. The employee, isolated and eager to help, had no reason to doubt someone who was inside the company’s trusted environment. The attacker’s patience, timing, and social engineering created a perfect storm \u2014 one that underscores the need for verification, vigilance, and better operational safeguards during periods of reduced staffing.<\/span><\/p>\n

Whether it is the slow week between Christmas and New Year’s Day in Western countries, the European summer break in August, or other periods during the year when large numbers of employees go on vacation, organizations with a global footprint must maintain cybersecurity continuity during regional slowdowns. Holidays like Lunar New Year in Asia and the <\/span>Eid feast days<\/a><\/span> in the Middle East often mean fewer workers overseeing critical operations. When part of the workforce scales down, attackers ramp up.<\/span><\/p>\n

“This is a very hard problem,” says Skoudis, noting that fewer people at the helm leaves organizations vulnerable to attack. Security leaders have the challenge of protecting their environments when half the security team is offline.<\/span><\/p>\n

Why Cybercriminals Like Holidays<\/h2>\n

With remote workforces, companies have fewer touchpoints with employees. Add holidays to the mix, and security teams face a slew of potential risks during these times.<\/span><\/p>\n

“Attackers go on crime sprees during the holidays,” Skoudis says. “They know organizations are downscaling operations. Combine that with staff who may be junior, unfamiliar with procedures, or isolated, and you have an ideal time for attackers to strike.”<\/span><\/p>\n

Beyond direct threats, these slow periods also exacerbate operational gaps. Patching schedules, configuration monitoring, and incident response times can lag.<\/span><\/p>\n

It’s not just defense, says Chris Niggel, a regional CSO at Okta. It’s about making sure operations continue to run smoothly when teams are short-staffed.<\/span><\/p>\n

“The biggest challenge is making sure that your teams can maintain the service-level agreements and are able to react to threats quickly, even when the teams are smaller,” Niggel says.<\/span><\/p>\n

For example, the critical vulnerability in Log4j was discovered toward the end of December 2021, a time when many organizations were operating with minimal staff. Addressing the flaw required immediate and prompt action, and many businesses struggled to respond quickly enough. Attackers, well aware of the delays in response, seized the window of opportunity to exploit unpatched systems.<\/span><\/p>\n

“Teams were already thin, but still had to react,” Niggel says. “That’s where having solid communication plans and fallback strategies is essential.”<\/span><\/p>\n

Niggel also notes that organizations that fared better during Log4j had prepared for such scenarios by implementing automated monitoring tools, preemptive patching plans, and clear escalation paths for when key personnel were unavailable. These measures ensured that vulnerabilities could be prioritized and addressed, even with a reduced workforce.<\/span><\/p>\n

Preparation Is Key to Bridging the Gaps<\/h2>\n

By identifying risks, training employees, leveraging technology, and strategically distributing workloads, companies can create a safety net that protects both systems and operations. The key is not waiting until the last minute; preparations must be in place before staff members sign off.<\/span><\/p>\n

Organizations can mitigate holiday risks with proactive strategies:<\/span><\/p>\n

\n