December 20, 2024
’Tis the Season: How to Strengthen Your Defenses Against Holiday Hacking
For an enterprise business, the holidays can be a mixed bag. On the one hand, depending on your industry, you’re either winding down or doing the most business you’ll do all year. On the other, you’re especially vulnerable to holiday hacking attempts. Your customer data makes your organization an attractive target at a time when employee vacation time and office closures mean you have fewer employees to guard against holiday hackers. Threat actors know this, and they use it to their advantage.
Data shows that ransomware attempts increase by 30% during the holiday season. To make matters worse, holiday attacks are more dangerous. Over a third of organizations say it takes longer to stop holiday attacks, and with a breach, every second counts. A similar 31% of organizations say the holiday breaches they sustained cost them more than the average breach.
Don’t leave your holiday security shopping to the last minute. Here’s how you can keep your organization safe from holiday hacking.
How holiday hacking threatens your organization
Increased danger of social engineering
During the holiday season, workers often face a deluge of messages. Other businesses are sending out as many marketing messages as they can, family members are communicating about travel plans, and coworkers are coordinating time off. It can be so overwhelming that they may have trouble telling the difference between the tenth great deal they’ve seen today and a phishing attempt. Threat actors know social engineering has a higher-than-usual chance of success during the holidays. As a result, they tend to make more attempts.
Holiday hackers can pose as brands offering sales, the postal service providing shipping updates, or even your organization’s CEO asking for help. The wide variety of social engineering strategies makes it hard to prepare employees for every eventuality. That’s part of why social engineering attacks account for around 14% of breaches, according to a 2024 Verizon report.
Weakened response
Although social engineering attacks rise dramatically during the holidays, other breaches can still occur. Credential stuffing, exploited software vulnerabilities, and other attack types may not experience the same uptick as social engineering attacks, but they can become more dangerous.
Under normal circumstances, you likely have a team of cybersecurity experts spotting, diagnosing, and responding to breach attempts. That’s prudent, given the complexity of a modern breach.
However, when the holidays arrive, many employees may take time off. The remaining skeleton crew will have fewer eyes on systems and fewer hands on controls. That makes it easier for threat actors to slip through the cracks undetected. The longer those attackers stay undetected, the more damage they can cause — and the more money they can cost your organization.
No single security solution can prevent every form of holiday hacking. To give your organization the best possible defense, you’ll need tools that guard against stolen credentials, sniff out threat actors, and automatically respond to potential threats.
Tools for defending against holiday hackers
Multifactor authentication
Your first tactic for tackling holiday hacking is to reinforce entry points in your system. Traditional logins are simple: They only require a credentialed username and corresponding password. This may be convenient for your workers, but it’s also convenient for threat actors.
By adding multifactor authentication (MFA) to your system, you make accessing your network much harder for threat actors but only a few seconds slower for workers. With MFA, a username and password are just step one. Once that combination is accepted, the user has to prove they hold a device that only they can use. Most of the time, that means their smartphone. Authenticators deliver a code to the phone via email, SMS, or a dedicated authenticator app. That code is generated using a seed that only the secured system and its paired authentication device can access, so threat actors can’t generate their own. Plus, these codes typically last just a few minutes. As a result, threat actors can’t use old codes to bypass the process.
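To make the seed-and-expiry mechanism concrete, here is an added example (not code from this article or from Lookout) of the authenticator-app case: time-based one-time passwords per RFC 6238, with a server-side check that rejects expired and replayed codes. The 30-second step and the one-step drift allowance are assumptions taken from common defaults, and the seed is the public RFC test value.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds each code stays current (assumed, RFC 6238 default)
DIGITS = 6

def totp(seed: bytes, unix_time: int) -> str:
    """RFC 6238 code: HOTP (RFC 4226) computed over the current time step."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side: accepts each code once, within +/- `drift` time steps."""

    def __init__(self, seed: bytes, drift: int = 1):
        self.seed = seed
        self.drift = drift
        self.last_step = -1          # highest time step already accepted

    def verify(self, code: str, unix_time: int) -> bool:
        now_step = unix_time // STEP
        for step in range(now_step - self.drift, now_step + self.drift + 1):
            if step <= self.last_step:
                continue             # already used, or older than a used code
            if hmac.compare_digest(totp(self.seed, step * STEP), code):
                self.last_step = step
                return True
        return False

if __name__ == "__main__":
    seed = b"12345678901234567890"   # RFC 6238 test seed, never a real secret
    t = 1_700_000_000                # constructed timestamp
    server = Verifier(seed)
    code = totp(seed, t)             # what the paired phone would display
    print("fresh code accepted:", server.verify(code, t))
    print("same code replayed: ", server.verify(code, t + 5))
    print("code after 5 min:   ", Verifier(seed).verify(code, t + 300))
```

Without the seed, an attacker cannot compute the HMAC that produces the next code, and the `last_step` check is what stops a captured code from being used a second time inside its validity window.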
MFA is simple, easy to use, and effective, but it does have weak points. Attackers can still use social engineering to trick employees into sharing authentication codes. They can also overwhelm employees with fake MFA messages in the hopes that user fatigue makes them drop their guard. Finally, MFA has to have backups in case a user’s phone runs out of battery or is lost. Those backup methods can include relatively unsecured external email addresses, which are subject to their own vulnerabilities.
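A skeleton crew can still catch the fatigue pattern described above if the identity provider's logs are checked automatically. The following is an added example, not part of the original article: it flags a burst of MFA prompts for one user and raises a higher-severity alert when an approval follows the burst. The log format, event names, window and threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed: prompts per window that count as a burst

# Constructed sample log, format "<ISO time> <user> <event>" (hypothetical schema).
SAMPLE_LOG = """\
2024-12-24T02:14:05 alice mfa_push_sent
2024-12-24T02:14:40 alice mfa_push_denied
2024-12-24T02:15:10 alice mfa_push_sent
2024-12-24T02:15:55 alice mfa_push_sent
2024-12-24T02:16:20 alice mfa_push_sent
2024-12-24T02:16:50 alice mfa_push_sent
2024-12-24T02:17:30 alice mfa_push_sent
2024-12-24T02:17:41 alice mfa_push_approved
2024-12-24T09:01:12 bob mfa_push_sent
2024-12-24T09:01:20 bob mfa_push_approved
"""

def detect_push_fatigue(log_text):
    """Return (user, time, severity) alerts for bursts of MFA prompts."""
    recent = defaultdict(deque)      # user -> timestamps of prompts in the window
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                 # skip malformed lines
        ts, user, event = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        q = recent[user]
        while q and ts - q[0] > WINDOW:
            q.popleft()              # drop prompts that fell out of the window
        if event == "mfa_push_sent":
            q.append(ts)
            if len(q) == THRESHOLD:  # alert once, when the burst is first reached
                alerts.append((user, parts[0], "burst"))
        elif event == "mfa_push_approved" and len(q) >= THRESHOLD:
            alerts.append((user, parts[0], "approved_after_burst"))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

An `approved_after_burst` alert is the one worth paging on during a holiday: it suggests the user gave in, so the session that approval created should be revoked and the account reviewed.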
Zero trust network access
To supplement the protection that MFA provides, consider implementing a zero trust network access (ZTNA) solution to further secure remote access. With ZTNA, credentials are just the beginning. It allows you to check other factors, such as when and where users log in and what device they’re using. Doing so lets you double-check each user’s legitimacy. If a threat actor uses stolen credentials but tries to log in from an unknown device, your ZTNA protections can keep them out.
If threat actors gain access using stolen credentials, you need a way to limit their impact and kick them back out. ZTNA can help here, too. Rather than give full system access to users who log in successfully, ZTNA allows you to limit access using “least privilege.” Under this model, users only gain access to the specific apps they need to do their work. If they try to access sensitive data, they’ll need to authenticate again. Stealing one MFA code is difficult. Repeating the job is even harder. When a threat actor fails that extra authentication step, they’ll be removed from the system.
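The two ZTNA paragraphs above describe a per-request decision: check device, place and time, grant only the apps a user needs, and demand fresh authentication for sensitive data. Here is that logic as an added example, not code from the article or from any ZTNA product. Every user, device ID, app name and threshold in it is hypothetical.

```python
from dataclasses import dataclass, replace

# Hypothetical policy data, constructed for illustration.
KNOWN_DEVICES = {"alice": {"laptop-7f3a"}, "bob": {"phone-21c9"}}
USUAL_COUNTRIES = {"alice": {"US"}, "bob": {"US", "CA"}}
WORK_HOURS = range(6, 22)                      # local hours treated as normal
APP_GRANTS = {"alice": {"crm", "payroll"}, "bob": {"crm"}}   # least privilege
SENSITIVE_APPS = {"payroll"}                   # always need fresh re-authentication

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    country: str
    hour: int
    app: str
    reauthenticated: bool = False   # True if MFA was just repeated for this request

def decide(req: Request) -> str:
    """Return 'allow', 'step_up' (authenticate again) or 'deny' (end the session)."""
    if req.device_id not in KNOWN_DEVICES.get(req.user, set()):
        return "deny"               # valid credentials, but an unknown device
    if req.app not in APP_GRANTS.get(req.user, set()):
        return "deny"               # app is outside this user's grants
    unusual = (req.country not in USUAL_COUNTRIES.get(req.user, set())
               or req.hour not in WORK_HOURS)
    if (req.app in SENSITIVE_APPS or unusual) and not req.reauthenticated:
        return "step_up"
    return "allow"

def after_step_up(req: Request, mfa_passed: bool) -> str:
    """A failed re-authentication removes the user; a pass re-evaluates the request."""
    if not mfa_passed:
        return "deny"
    return decide(replace(req, reauthenticated=True))

if __name__ == "__main__":
    payroll = Request("alice", "laptop-7f3a", "US", 10, "payroll")
    print(decide(payroll))                          # step_up
    print(after_step_up(payroll, mfa_passed=False)) # deny
    print(decide(Request("alice", "unknown-dev", "US", 10, "crm")))  # deny
```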
Mobile endpoint detection and response
Even with these safeguards against unwanted access, you’ll still need a security solution that can spot and stop breaches. When your security team is out for the holidays, that system needs to function properly with minimal human oversight.
Endpoint detection and response (EDR) continuously monitors user devices, allowing your IT team to view activity in real time. When those workers clock out, EDR stays on the job using powerful automations. It constantly compares user activities against standard patterns of behavior. If a user starts to act suspiciously, EDR can automatically take defensive action. That might mean locking the endpoint out of the system temporarily, quarantining any suspect files, or flagging the anomaly for human inspection. The best EDR uses behavior analytics and machine learning to build profiles of your employees. Over time, it can improve its eye for unusual activity.
In the age of cloud apps and bring-your-own-device (BYOD) policies, EDR needs to extend to employee mobile devices. That’s especially important when phishing attempts prey on workers' implicit trust in their smartphones. Look for mobile EDR that lets you protect employee devices without violating their privacy.
Test your defenses with Lookout
Threat actors are constantly working on new ways to sneak past an organization’s defenses. It can be hard to know whether your security is ready to meet the challenge posed by holiday hacking. If you want to gauge your preparedness, Lookout is here to help. Use the free Lookout Cybersecurity Analyzer, and in seconds, you’ll know how well-protected your system really is. You’ll even receive a free report on any gaps you need to plug, plus recommendations for remediation.