Sizzling tips for IT teams facing cybersecurity risks this summer
Fri 11 Aug 2023
While most people associate summer with holidays, this is a demanding and risky time for IT teams facing cybersecurity pressures. These teams are often understaffed during this period, but operations must continue without disruption. So what can IT teams do to get through this time unscathed?
IT expert Mark Molyneux knows this phase from his time leading a global operation, and shares several tips on how teams can prepare well and reduce cybersecurity risks to IT during the summer.
Cybersecurity risks heat up in the summer
School holidays across Europe run from July to September, so many of those in the IT industry are away too. This often leads to short-staffed teams throughout these months.
The summer period is perhaps the worst time of the year for IT and security teams to miss potentially catastrophic cybersecurity events. The risk is heightened by changes in how and where employees access the company’s systems: they work remotely, often over unsecured WiFi from holiday destinations.
Hackers know that teams are understaffed. They are aware that experts in specific disciplines, applications, or defence systems take time off. It’s no secret that users sometimes access data through unauthorised, insecure devices.
Statistics from the BSI for 2022 show that malware activity remained consistently high even during the summer months.
How can I reduce IT risks during the holidays?
Stay in operational mode
IT teams should consider adjusting the majority of their focus to an operational mode over the summer break, with the primary goal of keeping systems running in their current state.
Migrations and change processes, or intensive rollouts, should be postponed to other times. Change does not have to cease, but it should be risk-weighted and driven by business criticality.
Prioritise crucial patching
As recently as mid-June, VMware released a patch for a critical vulnerability in the vCenter Server. To classify such an event correctly, IT teams should divide their systems and applications into resiliency categories. This can allow them to clearly align patching strategy, recoverability, and service levels such as DTO, RPO and RTO with their applications and workloads.
When the most critical tier(s) is impacted, which is likely to be the case for a core asset like VMware, teams should prioritise testing and rollout of this patch. However, other lower-category incidents can be triaged and parked until the teams are complete, or the respective platform experts return from vacation.
Incidentally, the teams will benefit from this categorisation throughout the year, as they can prioritise tasks according to business priority.
Make consequences transparent
This categorisation also helps to better prioritise everyday tasks. For example, if backup jobs fail for high-tier systems, teams should reschedule them to prevent data loss and keep within the recovery service levels.
Ideally, with modern data management systems, this is done by an AI-controlled background process, which completely relieves the IT teams of this task.
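The tiering described under "Prioritise crucial patching" and "Make consequences transparent" can be written down as a small decision routine. This is an added sketch, not code from the article or from any vendor product; the asset names, tiers, RPO values and action labels are assumptions made for illustration.

```python
"""Tier-driven triage for a short-staffed period (illustrative sketch)."""
from datetime import datetime, timedelta

# Constructed inventory: tier 1 is the most critical resiliency category.
# Asset names, tiers and RPO values are assumptions for this example.
INVENTORY = {
    "vcenter-prod": {"tier": 1, "rpo_hours": 4},
    "hr-portal":    {"tier": 2, "rpo_hours": 24},
    "team-wiki":    {"tier": 3, "rpo_hours": 72},
}
CRITICAL_TIERS = {1}


def triage_patch(asset, expert_back=None):
    """Decide what to do with a vendor patch affecting `asset`."""
    entry = INVENTORY.get(asset)
    if entry is None:
        # Unclassified systems cannot be risk-weighted; never park them silently.
        return {"asset": asset, "action": "classify-first"}
    if entry["tier"] in CRITICAL_TIERS:
        return {"asset": asset, "action": "test-and-roll-out"}
    # Lower tiers are parked until the platform expert returns.
    return {"asset": asset, "action": "park", "review_on": expert_back}


def triage_failed_backup(asset, last_good, now):
    """Decide how urgently a failed backup job must be re-run."""
    entry = INVENTORY.get(asset)
    if entry is None:
        return {"asset": asset, "action": "classify-first"}
    # The RPO deadline is the latest point at which a new good copy must exist.
    deadline = last_good + timedelta(hours=entry["rpo_hours"])
    if now >= deadline:
        action = "rerun-now-rpo-breached"
    elif entry["tier"] in CRITICAL_TIERS:
        action = "rerun-now"
    else:
        action = "rerun-next-window"
    return {"asset": asset, "action": action, "rpo_deadline": deadline}


if __name__ == "__main__":
    now = datetime(2023, 8, 11, 9, 0)  # constructed timestamp
    print(triage_patch("vcenter-prod"))
    print(triage_patch("team-wiki", expert_back="2023-08-28"))
    print(triage_patch("shadow-nas"))  # not in the inventory
    print(triage_failed_backup("vcenter-prod", now - timedelta(hours=2), now))
    print(triage_failed_backup("hr-portal", now - timedelta(hours=30), now))
```

An asset missing from the inventory is returned as "classify-first" rather than parked, because a system nobody has categorised cannot be risk-weighted.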
Be transparent with knowledge gaps
The larger the IT group, the more members specialise in certain application architectures, systems or programming languages. Performing a regular skills assessment and producing a gap analysis to feed into staff development plans, at least annually, is key to reducing or closing these skills gaps.
Ideally, all teams should also coordinate their absences so that enough generalists can ensure ongoing operations. It is unavoidable that gaps in knowledge will arise during the holiday season because the Python expert is lying on the beach, but bringing mitigation in through shared responsibilities across IT will help reduce risk.
This organisational matrix should also record which special tasks the team members take on in everyday life. It could be the case that an IT expert manually deletes the cache of a critical system once a week so the disks do not fill up. If this colleague is on vacation, these tasks could be neglected and the system could get into a critical state. This knowledge should be recorded centrally in order to be well prepared in the event of a crisis.
It sounds very basic, but many operations still have these heritage practices in place today.
Anticipate differing data patterns and user behaviour
In the summer, the data pattern in companies and, depending on the industry, user behaviour change dramatically. In a bank, for example, credit card services are in demand in the summer, while mortgages are typically lower. The load and the amount of data will change. AI-supported analysis now helps to predict these trends and to allocate sufficient resources.
Crisis-proof the Board
Since the teams are understaffed, the risk of a successful attack is higher. The board members and managing directors should be aware that they will be involved in crisis management during an emergency.
Wherever you are in the summer, it will be crucial to have all the necessary tools and information at hand to form the crisis team and kickstart the process. Otherwise valuable time will be lost.
Explore the potential of AI
AI can dramatically reduce the massive toll on IT and security teams during the holiday season by taking many of the important but tedious tasks off their hands. It can provide comprehensive reporting and clear, concise next steps, giving a wood-from-the-trees perspective to operational groups that are undersized for the difficult jobs at hand.
People as creative experts intervene when things become complex or important. In this way, AI can make a massive contribution to increasing cyber resilience against attacks that, ironically, are increasingly being carried out by AI.
About the Author
Mark Molyneux is the EMEA CTO of Cohesity. He is a strong senior leader with expertise in strategic technology decision-making, financial management, workforce development, and 20 years’ experience managing large globally diverse teams.