Cybersecurity warning

Top Cybersecurity Officials Warn Business Execs of Possible Holiday Cyberattacks

Two senior cybersecurity officials from the government penned a letter to corporate CEOs and business leaders warning them of hackers looking to take advantage of the holiday season.

The letter was written by National Cyber Director Chris Inglis, an upcoming Potomac Officers Club speaker, and Anne Neuberger, the national security adviser for cyber and emerging technology at the National Security Council.

According to the officials, cyberattacks have historically been rampant around national holidays because malicious cyber actors capitalize on security operations centers being understaffed, Bollyinside reported.

“In many cases criminals plan and actually begin an intrusion before the holiday itself – they infiltrate a network and lie in wait for the optimal time to launch an attack,” Inglis and Neuberger wrote.

To defend corporate networks, they recommended that organizations patch vulnerable systems, mandate the use of multi-factor authentication on sensitive accounts, ensure backup data and increase cyber awareness training for employees.

The letter comes after the emergence of a critical vulnerability affecting Log4j, a Java library developed by the Apache Software Foundation. The vulnerability exposes users of Log4j versions 2.0-beta9 to 2.14.1 to unauthenticated remote code execution by adversaries.

The Cybersecurity and Infrastructure Security Agency already issued guidance to protect public and private sector organizations of the security flaw and has given federal agencies until Dec. 24 to apply fixes.