Just a week before Thanksgiving, shoppers at Stop & Shop stores throughout Massachusetts were forced to leave empty-handed after the supermarket chain ran out of inventory due to a cyberattack against its parent company.
Parent company Ahold Delhaize said in a statement that earlier this month it alerted law enforcement about the cyber breach and took some systems offline. “While there may be some limited inventory for some products, we are working on re-stocking our shelves and expect item availability to continue to improve over the next few days,” the company said. But the incident could be a sign of things to come during the holiday season, when cybersecurity crises are likely to be at their peak.
Already this year, corporate giants like AT&T, Ticketmaster and UnitedHealth have suffered paralyzing cyberattacks, and now businesses are preparing for the holidays, a time when many cybersecurity operations rely on skeleton staffing. But the FBI and the Department of Homeland Security are alerting businesses that this is not the time for them to take a “cyber vacation.”
The majority of ransomware attacks that hit businesses and organizations last year – 86% – occurred on a weekend or holiday, according to a new global study of 900 IT and security professionals released this week by cybersecurity firm Semperis. But the researchers also found that 85% of organizations surveyed – 90% in the US – reduced security staff by 50% during the same period.
“This study would say that we are not making informed choices,” Chris Inglis, a former White House “cyber czar” and strategic adviser to Semperis, told CBS News. “If you find out that most of these attacks happen on holidays and weekends and you crunch your numbers, you essentially take away the opportunity to have parity with your adversaries,” Inglis said. He added, “The advantage goes to the attacker, because they're not taking a day off. They never take a day off.”
According to the report, organizations continue to overestimate their security, with 81% of respondents reporting that they believe they have the necessary expertise to protect their digital identities from threats. Still, 83% of participants suffered a successful ransomware attack within the past year.
Organizations are beginning to realize they are more vulnerable around the holidays, but Inglis suggested consumers also need to remain vigilant. Technologies like smartphones and tablets are now affordable and almost ubiquitous, but security measures have not been taken into account.
“We haven't really made the investments necessary to make it so that these technologies – or this system of technologies – are defensible and well-secured,” he said.
According to the survey, mergers, acquisitions, stock launches or layoffs also act as “magnets” for ransomware attacks, with the majority of respondents – 63% – also experiencing a cyberattack following a “physical corporate event.”
With financial executives predicting that President-elect Donald Trump's return to the White House could trigger a wave of mergers and acquisitions of banks, cybersecurity experts worry that cybercriminals will be able to exploit these “moments of distraction.”
Inglis said, “Our adversaries – whether they're criminals or foreign, rogue nations – they test the waters every day. They're conscious of the fact that our attention spans wax and wane.” “If there's a merger or administration change, those are moments of distraction. So we can expect they'll do what they always do. It's not that they're searching in the moment, it's that they consider your opportunities perhaps more productive at this moment.”
In February, UnitedHealth Group suffered the largest hack in US healthcare history, when its acquisition of Change Healthcare meant it inherited old technology: digital systems not yet secured by multi-factor authentication.
In addition to the anticipated onslaught of big bank deals, changes in administrations – regardless of politics – have historically tempted foreign adversaries to test the security of the new leadership in Washington. In 2021, President Joe Biden inherited the fallout from a sophisticated Russian cyberattack carried out against Texas software maker SolarWinds, which was used to breach nearly 100 top US companies and a dozen government agencies.
In June 2017, Russian forces carried out the devastating 'NotPetya' cyberattack during Trump's first year in office, spreading a virus that crippled parts of Ukraine's infrastructure and devastated computer systems around the world, causing damage worth billions.
According to Semperis, security staffing also remains a widespread challenge across industries, with only 85% of organizations maintaining a year-round, 24-hour security operations center, and facing staffing challenges from high overtime costs around the holidays, when most employees are typically out of the office.
Contributing to cybersecurity staffing headaches, cybersecurity workforce growth worldwide has stagnated for the first time since 2019. With only 0.1% year-over-year growth through 2024, budget cuts, layoffs and hiring freezes have exacerbated the global staffing shortage of cybersecurity professionals, according to a recent report released by ISC2.
The former US national cyber director said he is regularly asked what keeps him up at night. “It's not the attackers, the Russians, the Chinese, or any type of ransomware artist. It's us,” Inglis said. “Sometimes, it's the complacency and active indecisiveness on our part that is actually, I think, more determinative for our future.”