The “holiday freeze” is upon us, that time of year when retailers and businesses put a hold on changes to their computer networks and systems until after the new year. With the holiday shopping rush in full swing, the focus is on capturing sales rather than on protecting personal data. Deployment of patches and other security measures meant to keep hackers out is put on hold. In addition, CSOs are asked to hold off on taking systems down for necessary security updates and related maintenance. As a result, it’s prime time for cybercriminals to take advantage of the situation.
As evidenced by Target’s nationwide credit and debit card compromise on Black Friday last year, hackers lie in wait for these few weeks when all heads are turned for the sake of holiday shopping. Apple’s confirmation of its holiday freeze on iTunes and App Store submissions, along with its admonition that no data will be processed for a full week (December 22 – 29), substantiates that businesses are adhering to “the freeze” and giving the green light to hackers in wait.
According to a recent Technical.ly Baltimore article, experts disagree on whether the timing of these data breaches is coincidence. Ron Gula, CEO of Columbia’s Tenable Network Security, says more breaches like it are likely, in part because of that “holiday freeze.”
A little over 10 percent of stores nationwide take adequate security measures, and they are spending less on network security now, too, with $4.1 million in protections this year, down from $4.3 million last year, according to Tenable data. And breaches like the Target data theft were up more than 26 percent last year.
Making matters worse is that retailers are reluctant to update — not because the IT department has collectively gone home for the month, Gula said, but because companies judge the cure could pose more short-term risk than the disease.
However, Avi Rubin, a computer science professor at Johns Hopkins University and technical director of the university’s Information Security Institute, doesn’t believe these attacks are necessarily limited to such times. “They seem to crop up at arbitrary times,” Rubin said. He did concede, however, that retailers leave themselves unprotected during the holiday rush.
“When you change your systems … things sometimes break and you want to make sure that things are up and running when you’re going to do a large percentage of your business,” Rubin said.
Earlier this month, Tenable released the newest version of its Nessus software, which scans individual and enterprise networks for security and compliance. The software automates scanning and detects malware.
For more information regarding the “holiday freeze” and its effect on consumer data, read the full Technical.ly Baltimore article.