Could a cyber attack be the gift you don’t want this Christmas? As organisations start to wind down and even close for the festive season, reduced staff count can leave businesses vulnerable to cyber criminals. Out of office shouldn’t mean out of mind, so what can your organisation do to protect itself over the festive season?
On the first day of Christmas my CISO said to me
Has staff security and phishing training been conducted this year?
Phishing attacks soar by 50% through December – it is important that employees are up-to-date and follow the latest guidance.
On the second day of Christmas my CISO said to me
Be proactive when it comes to defence.
Actionable cyber threat intelligence enables organisations to proactively defend against potential cyber threats. It provides insights into emerging risks and vulnerabilities, allowing for pre-emptive security measures. We should also adapt to changing technologies and evolve. Cyber Threat Intelligence helps organisations adapt their security strategies to address threats associated with new technologies, such as cloud computing, IoT, and AI.
On the third day of Christmas my CISO said to me
Make sure everyone knows where to go for help.
Data protection and cyber security questions can be complicated and sometimes even the DPO and CISO need help. Make sure everyone knows the importance of getting things right and has access to expertise when they need it. Getting things right from the beginning is almost always cheaper than trying to fix things that have already gone wrong.
On the fourth day of Christmas my CISO said to me
Stay ahead of evolving threats.
The cyber threat landscape is dynamic, with new threats constantly emerging. Actionable Cyber Threat Intelligence allows for the timely identification of potential threats and helps organisations, ensuring that security measures are aligned with the current threat landscape. Early detection is crucial in preventing or mitigating the impact of cyber attacks.
On the fifth day of Christmas my CISO said to me
Is our malware solution in place and being maintained?
Hackers often target low hanging fruit like weak passwords or unencrypted data. Regularly reviewing network security controls every six months can help prevent a security breach.
On the sixth day of Christmas my CISO said to me
Have pen tests and vulnerability scans been conducted?
Pen testing helps organisations to understand if their controls are as effective as they think they are. Pen tests are key for those organisations who need to comply with PCI v4 controls, and they will also need to consider ASV scans and script monitoring.
On the seventh day of Christmas my CISO said to me
Do you have a plan for AI?
Artificial intelligence has been the biggest buzzword for 2023 and we expect to see more AI-enabled projects in 2024 as companies look to improve productivity and customer experience and do more with less. Confidence is key – that you’ve picked the right project, that it will work as intended, and that it will be accepted by users. Training, strategy and experienced guidance are the roots of success.
On the eighth day of Christmas my CISO said to me
Follow best practice marketing compliance.
The economy looks challenging, so it’s important to get marketing compliance right. Poor compliance practices could be costing you dearly in lost sales if they result in customer data you can’t use for marketing. Improving your existing data and permissions pathways could be a quick way to improve your ROI.
On the nineth day of Christmas my CISO said to me
Develop Tailored Defence Strategies.
Armed with actionable intelligence, organisations can develop tailored defence strategies that specifically address the characteristics and methods of identified threats. This ensures a more effective and focused cybersecurity posture. Actionable Cyber Threat Intelligence provides the information needed to overcome adversaries. By staying ahead of potential threats, organisations can anticipate and counteract the tactics, techniques, and procedures used by cyber criminals. With a clear understanding of imminent threats, it’s easy to prioritise cybersecurity budgets more effectively. This ensures that resources are allocated to address the most critical and impactful risks.
On the tenth day of Christmas my CISO said to me
Have you checked account access?
This is particularly important for organisations that need to comply with PCI. Have you reviewed all user accounts and access privileges, including third-party/vendor accounts, in the past six months? Have you removed or disabled all inactive user accounts within 90 days of inactivity? The assessment deadline against v4 is 31st March 2025. The more you can do ahead of time to prepare, the better.
On the eleventh day of Christmas my CISO said to me
Are you still maintaining vendor updates and patches for your environment?
Software updates like PCI v4 aren’t perfect, and hackers will test vulnerabilities in order to exploit them. Regular patching helps your organisation to eliminate weak spots before hackers exploit them.
On the twelfth day of Christmas my CISO said to me
Have you checked your inventory of the entity’s trusted keys and certificates is up to date, and have you changed your encrypting keys and certificates in the past 12 months?
Compliance with PCI v4 includes secure transmission of cardholder data requires using trusted keys/certificates, a secure protocol for transport, and proper encryption strength to encrypt cardholder data. This can require several steps and involving multiple teams, so it is important to start to plan for these changes now.