Check Point Software Warns That Long Weekends May See an Increase in Cybercrime

As most of Southeast Asia looks forward to a longer weekend breaks like the upcoming Hari Raya Haji this July, Check Point® Software Technologies Ltd., a leading provider of cyber security solutions issues a stark warning about the increased threat level from cybercriminal gangs during extended holidays. 

Long weekends and holidays have always been prime time to launch a cyberattack. Over the last 12 months, we have seen a large-scale cyberattack on Kaseya, an IT management software company, that occurred during the US Independence Day weekend, the infamous attack on Colonial Pipeline which happened during Mother’s Day weekend or the JBS cyberattack on the Friday before Memorial Day weekend. 

Cybercriminal gangs are well organised and wait for the perfect opportunity to strike. With the relaxing of border regulations in most of Southeast Asia, coupled with the recent school holidays, many employees are taking the opportunity to clear their annual leave and take long awaited vacation with their loved ones. During these times, companies often operate with a skeleton team, with fewer staff to be on the lookout for any type of incident. This makes it easier for cybercriminals in several ways. On the one hand, it allows ransomware to be fully deployed before anyone notices and on the other, it causes more panic during response operations, especially if the victim’s IT teams are not available to react. This, in turn, could increase the chances of a ransom demand being paid.

“Long weekends and peak vacation periods create the perfect conditions for threat actors to cause maximum damage,” explains Teong Eng Guan, Regional Director, Southeast Asia and Korea, at Check Point Software Technologies. “During these periods, everything is ‘paralysed’ so once criminals gain access to the network, there is far more time to extend the attack across the network. This is one of the reasons why it is essential to have a good cybersecurity prevention strategy and not wait until the damage is already done before you address the problem.” 

Four tips for protecting a company from cyberattack this long weekend:

1. Prioritise prevention – Prevention should be the number one priority for any business looking to keep its data secure. By implementing a preventative strategy as opposed to reactive, companies can respond faster and more efficiently when faced with an attack.
2. Educate employees – By investing in the education of your workforce, you can keep your critical assets much more secure. This is because humans are one of the weakest links in any company. It is paramount to train staff members so that they can identify and avoid possible phishing emails or texts. 
3. Protect personal devices – Because of hybrid working, many companies now have a multi-device situation with many not having the appropriate security measures in place. These businesses are becoming the focus of malicious campaigns by cybercriminals and so it is key to equip all devices with protective measures against any cyberattack.
4. Implement zero-trust – No device, user, workflow, or system should be trusted by default, regardless of the location from which it operates, either inside or outside the security perimeter. Applying these principles allows a “Deny by Default” security posture to be adopted where systems are hardened and isolated until a level of trust is established bringing the highest level of protection to a system.