Christmas is supposed to be about peace on earth, but bad news has been everywhere this week in the cybersecurity world, largely because of Log4j. But we’re not going to talk about that. If you are trying to wrap your head around what it is, we like these resources from CISA, Palo Alto, and Talos. We even have a walk-through to help IT professionals strengthen their system (just request it here if you want it). But that’s not what we want to talk about. It’s the Christmas season, which comes with its own cybersecurity risks—risks that are being overlooked because of Log4j.
Christmas is a busy season filled with grace, celebration, peace, and giving, but the crucial part for you and your business is balancing all those beautiful qualities with keeping an appropriate guard up against the number one threat to your business: phishing attacks. Just because Log4j looms large doesn’t mean that the rest of the threats to your business get any smaller.
Phishing attacks rely on a sense of urgency—something our Christmas seasons are filled to the brim with. We rush to the store (or to Amazon) to finish our Christmas shopping, we grind out our work projects to protect our time with family over the holiday, we even fly through writing and sending our ‘Seasons Greetings.’ Phishing attacks prey on this same sense of urgency—your boss has a sudden, before-Christmas-request: click here. Someone has sent you a virtual Season’s Greetings card: click here. Don’t click. Instead, pause, and read the entire message again before you click anything.
Another thing phishing attacks rely on during the holiday season is that our guards are down. We expect to receive emails from people or companies we wouldn’t normally, especially right after Christmas when we are busy making returns. We expect an email from Amazon or another vendor giving us a link to track the progress of shipment or asking if we would like to make a return. Unfortunately, a successful phishing attack doesn’t usually ride solo. Once a successful phishing attack opens the door, it often welcomes ransomware attacks. From Christmas to New Year has some of the highest incidences of ransomware attacks simply because our guards are down.
Finally, phishing attacks rely on our spirit of giving. Christmas isn’t about fancy lights or new stuff. It’s about giving both to our families and friends and to those in need. It’s an excellent time to be a part of charitable causes. However, phishing attacks will often capitalize on this, putting on the face of some charitable organization, requesting with a sense of urgency, and hitting you when your guard is down. Again, just pause. Read again and double-check the sender. You can always visit their website separately to avoid clicking any malicious links.
Christmas is about peace on earth—regardless of Log4j, phishing attacks, and the many crises in our world. This Christmas, breath—slow down, don’t click, and from a spirit of peace, celebrate this season with your family and friends. Keep your guard up and enjoy true peace. Merry Christmas and a Happy New Year from all of us at the Carolina Cyber Center!