Get a free application, infrastructure and malware scan report - Scan Your Website Now

Cybersecurity in the Holiday Season

Posted DateDecember 15, 2015
Posted Time 4   min Read

More than 56% of cyber criminals think that the winter holidays are the best time for corporate hacking. While the survey was conducted a few years ago at the DEFCON, respondents cannot be any righter in any year. Usually, organizations freeze all their technology developments and cybersecurity patching updates citing that most employees do not work for a week or two. Now at the same time, with Christmas being one of the higher sales volume days, application changes are inevitable. This conflict of interest leaves a minuscule vulnerability window that hackers can exploit.

How else would you explain the sudden rise in malware circulation and phishing emails in the holiday season? Sony PlayStation and Microsoft Xbox received bad publicity last year with the so-called ‘Christmas Hack’. It is also happening with holiday companies like Sheraton and Westin chain and Trump Hotels.

Major Web and Mobile Application Changes

People are keener to spend money in December around Christmas and New Year across the sectors. That is probably why almost all marketing and sales efforts are on hold just before the winter holidays.

Cybersecurity in the Holiday Season
Both B2B and B2C companies invest heavily in winter sales surge activities, where security often takes a back seat. It is also a huge bid on closing the last quarter of the year on a high. Both traffic and online payments obviously rise within these months, leaving little time to focus on anything else.

In one of our previous posts, we have already talked about how overlooking cybersecurity and updates may lead to undetected OWASP vulnerabilities that pose data breach and server downtime risks. Shouldn’t it be the first step to making people comfortable with sharing card info online and of course to prevent exploitation? Unfortunately, many organizations know little about it.

We understand that cybersecurity can often be daunting. What are the matters that you should really look into? Why is there a new kind of threat every few weeks? How can someone monitor threats?

Proactive Application Protection

Gartner estimates that 70% of all hacks happened at the application layer. These apps are complex to build and even more complex to find out what is wrong with them, given that a major chunk of the code comes from the Open Source.  In fact, last December only AliExpress from Alibaba Marketplace was detected with Cross-Site Scripting (XSS) vulnerability that allowed attackers to take over a few of the merchant accounts.

So, what’s the solution? It is critical for organizations to find out weaknesses within the framework even when human resources are unavailable or just too busy for the task. That is when Web Application Scanning becomes so critical. It not only finds vulnerabilities continuously but also helps you prioritize on what needs your attention first.

Web Application Firewall is the other important piece of the process that blocks attacks from hackers even when you cannot repair or patch the application. It becomes even more important if the package includes DDoS Protection, which is a major cause of concern for most businesses during the holiday season.

Security That Never Sleeps, Or Takes Vacations

No matter what kind of security mechanism you invest in, machine logic has limitations. Take business logic vulnerabilities for instance. A business logic flaw is an application vulnerability, which arises by circumstantial security weakness.

Machines, unlike human brains, work on simplified binary logic. They respond to conditions that must lead to a simple ‘YES’ or ‘NO’, and absolutely nothing between it. On the other hand, people running businesses think. They make decisions. Often quickly, frequently, and making them out most of the available information, which can create logic loopholes that even automated scanning cannot detect.

False-positive is one of such problems that cost companies millions every year. It is basically a false alarm caused by a flaw in logic. Think of a security guard whose job is to keep suspicious individuals out of your property, but who instead denies access to your family members due to some misplaced understanding of what you told him. Wouldn’t that frustrate you to a level of firing that security guard? That is something that a Web Application Firewall can face too.

5 Phishing Mistakes Hurting You and Your CustomersThat is why larger organizations will inevitably look for security options that bring the human advantage to the equation.

Since we have already talked about how human involvement decreases around the holiday season, how about a cybersecurity team that will be working for you day in and day out?

Indusface’s Total Application Security is a completely managed web application scanning and firewall solution. It allows you to focus on key business activities at any time of the year while a dedicated cybersecurity team looks at your security on the concept of ‘Detect, Protect, and Monitor.’

Cybersecurity in the Holiday Season

web application security banner

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

Share Article:

Join 51000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

cybersecurity trends 2023
19 Cybersecurity Trends Every CISO Must Prepare for in 2023

Cybersecurity threats are evolving rapidly, and CISOs must be ready to face the challenge. Be prepared for the top trends of 2023.

Read More
cybersecurity in the workplace
Why is Cybersecurity in the Workplace Everyone’s Responsibility?

When it comes to cybersecurity in the workplace, everyone is responsible. Everyone in an organization is at risk. Not one person is excluded from that list, regardless of how careful.

Read More
Top Cyber Security Trends
Top 12 Cybersecurity Trends to Look Out For in 2022

Cyber incidents are in rise day to day. In this article, we will take a look at the cyber security trends that are likely to shape the industry in 2022.

Read More

AppTrana

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Get Started for Free Request a Demo

Gartner

Indusface is the only cloud WAAP (WAF) vendor with 100% customer recommendation for 4 consecutive years.

A Customers’ Choice for 2024, 2023 and 2022 - Gartner® Peer Insights™

The reviews and ratings are in!