It’s no secret that the holiday season represents a massive opportunity for organizations. For some industries, over a quarter of their revenue comes in October, November, and December, with a significant portion coming over just five days, the extended Black Friday weekend also known as Cyber 5.
Between Thanksgiving and Cyber Monday, revenue-focused teams celebrate their influx of sales. In contrast, often under-resourced cybersecurity teams are left to wage wars against the bad actors hidden amongst the ever-growing traffic. Like a scene from a futuristic version of the movie “300,” these typically smaller but mighty teams are pushed to prepare and likely fight attackers 24 hours a day to ensure nothing impacts customers trying to finish that all-important checkout purchase.
To increase readiness and expertise, organizations regularly turn to managed security services to augment their capabilities and maximize uptime and availability. While this all but guarantees surviving the Cyber 5 without a hitch, as a cybersecurity leader, you can maximize managed security capabilities with proper preparation. If you’re using managed security during the Black Friday shopping weekend, we have a few tips to utilize before, during, and after the event. They will help your security and site reliability teams to not just survive the weekend but come out the other side and thrive.
Tips to prepare for Cyber 5
Managed security providers can alleviate much of the stress and anxiety security teams face heading into Cyber 5, and we’ve compiled a few tips to give you additional peace of mind. As you head into the extended Black Friday weekend with your managed security provider, update key contacts, tie up action items, and run a tabletop exercise to ensure they’re set up for success.
Update key contacts for escalation
The first step is to ensure that the key contact information is specified and current. Remember that even though you’re offloading the active security efforts as part of working with a managed security service, you can choose your level of involvement when attacks arise. You’ll want to list the right team members with appropriate communication platforms (such as email, chat, cell phone numbers, etc.) so the team can swiftly implement the suggested mitigation measures once approved.
Tie up any loose action items
The next step is to focus on closing out any pending action items highlighted by your managed security provider. While their security operations staff will mitigate attacks, implementing action items before the weekend starts allows for faster and often automated reactions to similar threats. Completing action items ahead of time also limits your organization's attack exposure and closes opportunities for hackers.
Run a tabletop exercise
Before a known traffic spike, it is an opportune time to run a tabletop attack drill exercise with your managed security provider. During this exercise, teams will simulate how they respond to an attack to understand the mitigations they will implement and when they will need approval before proceeding. Attack drills instill team confidence that your applications are protected while offering practical opportunities to identify whether any newly implemented procedures need refinements.
By performing these three quick and straightforward tips in advance, you’ll have prepared everything necessary to get a good night's sleep during this Cyber 5.
What to expect during Cyber 5
Thursday, November 23 will come around and while traffic begins ramping on your applications, you’ll be going back for your third helping of mashed potatoes and gravy before yet another nap.
Your one minuscule task is ensuring the availability of on-call key contacts you previously updated. Remember that if your managed security provider is anything like Fastly’s, they combat massive, sophisticated attack payloads daily. Still, you may require them to contact you before implementing mitigations when attacks arise. Time is of the essence, and every second spent trying to reach a key representative unsuccessfully represents an opportunity for the attacker to launch a successful payload!
Uptime over these five days may make or break your business. While estimates suggest the cost of unplanned downtime is around $6,700 per minute for large enterprises in any sector, know that for security operations teams, the Cyber 5 represents just more days doing what they do best. Whether it’s Cyber Monday or a random Monday in June at 2 a.m., managed security teams are there to mitigate attacks with an efficacy worth dreaming about, and all you need to do is give them the green light.
Tips for the remaining holiday season
Congratulations! Cyber Monday has come and gone. At this point, you’ll have made it through the Cyber 5 and likely gotten your best sleep over this time since becoming a security professional. Your cross-functional teams will comment on how well-rested you look. As you begin preparing for the rest of the holiday season, give thought to any strategy adjustments you think may be additive.
Consider strategy adjustments
Some managed security service providers offer a Technical Account Manager (or the equivalent) who intimately understands your environment and can give context to the reports they provide. In partnership with them, it’s essential to reflect on the data and your strategy to decide whether there are any areas of opportunity to address for the future. Topics, like long-term security and adjustments to escalation requirements or fine-tuning, should be analyzed and implemented where possible to further minimize your exposure to and risk from security incidents.
Review incident reports
After engaging with you during an attack, your managed security provider may also provide post-incident reports. These after-action reports outline the attack’s source, type, mitigations implemented, escalation path, and more. At Fastly, Technical Account Managers also deliver these to provide additional context, insights, and opportunities for improvement. Allocate time for this, as you’ll often receive context for action items to increase your security posture and inform secure development practices.
Begin uncovering the role of managed security
Major success provides an opportunity to note how managed security contributed to the win. There are quantitative data points like traffic volume, availability, and uptime that are clear and comparable to previous years but also give thought to the qualitative benefits. Heightened brand reputation, lessened employee resourcing, and reduced toil enable you to retain talent and boost revenue. Together, you uncover the story of managed security’s value within your organization. Be sure to work with your Technical Account Manager for help gathering the data you need, and continue building it with insights throughout the holiday season.
Sleep better this Cyber 5
Cyber 5 may be a make-or-break period for many organizations, but fortunately, managed security services offload almost all the responsibility and expertise needed to successfully navigate it. Be sure to use these tips before, during, and after Cyber 5 to maximize your managed security team’s efficacy and ensure the best sleep of your life during this period.
Blog courtesy of Fastly. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
