Black Friday, the day after Thanksgiving in the United States, the ultimate celebration of shopping. Many US states even declare it a public holiday. Stores open their doors in the early hours to welcome the seething hordes of frenzied shoppers in search of their one-day deals – minor injuries are common in the dawn stampedes and even violence occasionally breaks out… mainly in the home electronics sections!
Black Friday also heralds the start of the Christmas shopping season, and with it a spike in online activity. But it’s not just shoppers who are cyber-busy at this time of year. There’s another group who invite themselves to the party – festive cyber criminals!
A recent survey of participants at a conference held by Defcon, the hacking organization, revealed that 56 percent of attendees thought that the winter holidays were an excellent time to indulge in a little corporate hacking. The reasons for this, if you think about it, are quite obvious. For a start, there are less people at their desks – the others are taking annual leave to enjoy the festivities with their families. Those that are in the office are winding down to the end of the year, putting up the decorations, going to office parties… their defenses are down, their vigilance in sleep mode.
So how can you be sure that your company is equipped to survive a cyber-attack at this, or any other time of the year?
Well, some lucky companies in Qatar are about to find out. This week sees the third annual Qatar Cyber Security Drill, Star-3. Organized over four days by ictQATAR’s Computer Emergency Response team, or Q-CERT, the drill will place participants in simulated crisis situations and observe their responses to the threats they are presented with. Up to ten participants from each organization will attend the event at Qatar University, with teams from the energy, finance, healthcare, government, telecoms and transportation sectors already confirmed.
Star-3 will simulate the normal daily operations of an organization with a sudden interruption by a series of cyber threats. The responses to those threats will be based on balanced engineering, business and security priorities set against the cost of the cyber-attack to the organization. More interestingly, the scenarios the teams will be presented with will each have a time limit, and the decisions made to combat them will have an impact on the next scenario, so teams will need to think about their overall defense strategies.
I’ll report back in next week’s blog on the outcomes, so watch this space. Let battle commence… !