Maintaining Security When IT is on Holiday

Posted on by Nathan Eddy

With the holiday season fast approaching—they’re playing Jingle Bells in the department stores across the land—businesses need to be ready for the periods when IT security staff will be enjoying time with friends and family.

The job of the IT pro isn’t likely to get easier anytime soon, and this is especially true during the holidays when employees are out of the office and expect to remain connected and productive at all times.

Things may get more complex as employees attach more mobile and wearable technology to company email and systems, including the gadgets they receive for the holidays this year.

The most pressing concerns for businesses while IT security staffing is at a minimum include network outages, network flooding, account lockouts, failed logins from disabled or expired users, allowed events from blacklisted sources, denial-of-service (DoS) attacks on production IT assets, and malware propagation.
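Several of the concerns just listed (account lockouts, failed logins from disabled or expired accounts, allowed events from blacklisted sources, and network flooding) can be triaged automatically from log data so that a skeleton crew only has to look at what matters. The script below is an added example, not code from the article or from any of the vendors quoted in it; the key=value log format, the sample lines, the blacklist addresses, and the flood threshold and window are all constructed for the example.

```python
"""Holiday-period log triage (added example; everything below is constructed).

Reads simple key=value events (assumed format, e.g. exported from a firewall or
directory service), flags the alert categories the article lists, and produces a
summary a reduced-staff team could receive as a digest.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
ts=2023-12-24T09:00:01 src=192.0.2.10 user=alice action=login_ok
ts=2023-12-24T09:00:05 src=192.0.2.44 user=bob action=login_failed reason=bad_password
ts=2023-12-24T09:00:09 src=192.0.2.44 user=jsmith action=login_failed reason=disabled
ts=2023-12-24T09:00:12 src=192.0.2.44 user=bob action=lockout
ts=2023-12-24T09:00:15 src=203.0.113.7 action=allow dst_port=443
ts=2023-12-24T09:01:00 src=198.51.100.99 action=deny dst_port=22
ts=2023-12-24T09:01:01 src=198.51.100.99 action=deny dst_port=22
ts=2023-12-24T09:01:02 src=198.51.100.99 action=deny dst_port=22
ts=2023-12-24T09:01:03 src=198.51.100.99 action=deny dst_port=22
ts=2023-12-24T09:01:04 src=198.51.100.99 action=deny dst_port=22
"""

# Assumed denylist, e.g. fed from a threat-intelligence source (constructed values).
BLACKLISTED_SOURCES = {"203.0.113.7", "198.51.100.23"}

# Assumed flood parameters: this many events from one source inside the window.
FLOOD_THRESHOLD = 5
FLOOD_WINDOW = timedelta(seconds=60)

# key=value pairs; values may be quoted if they contain spaces.
EVENT_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Turn one key=value line into a dict; 'ts' becomes a datetime."""
    fields = {k: v.strip('"') for k, v in EVENT_RE.findall(line)}
    fields["ts"] = datetime.fromisoformat(fields["ts"])  # every event is assumed to carry ts
    return fields


def triage(lines):
    """Return a list of (category, user, source) alerts for the given log lines."""
    alerts = []
    timestamps_by_source = defaultdict(list)

    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        src = ev["src"]
        action = ev.get("action")

        if action == "lockout":
            alerts.append(("account_lockout", ev["user"], src))
        if action == "login_failed" and ev.get("reason") in {"disabled", "expired"}:
            # A disabled/expired account being tried is worth a look even when the
            # password was wrong: it may be a stale credential in circulation.
            alerts.append(("disabled_or_expired_login", ev["user"], src))
        if action == "allow" and src in BLACKLISTED_SOURCES:
            alerts.append(("allowed_from_blacklist", ev.get("user", "-"), src))

        timestamps_by_source[src].append(ev["ts"])

    # Flood detection: sliding window over each source's sorted timestamps.
    for src, stamps in timestamps_by_source.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > FLOOD_WINDOW:
                start += 1
            if end - start + 1 >= FLOOD_THRESHOLD:
                alerts.append(("network_flood", "-", src))
                break  # one alert per source is enough for a digest

    return alerts


def summarize(alerts):
    """Count alerts per category, the shape a push-notification digest would use."""
    return Counter(category for category, _, _ in alerts)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for category, user, src in found:
        print(f"{category:28} user={user:8} src={src}")
    print(dict(summarize(found)))
```

Run against the constructed sample, the script flags the disabled-account login attempt and the lockout from 192.0.2.44, the allowed connection from the blacklisted 203.0.113.7, and the burst of five denied connections from 198.51.100.99 inside the window; the routine successful login and the single bad-password failure are left out of the digest.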

"For a small team especially, or a team that does not have considerable resources dedicated to 24/7 detection and response, losing a few key members can significantly affect the organization’s security," Daniel Miessler, director of advisory services at IOActive, said.

He explained that when key people aren’t there, the remaining staff often don’t know how to do certain tasks, and many times don’t even know that those tasks are being done at all.

That introduces significant risk because a critical alert could be missed, meaning something serious might not be responded to in time.

"Criminals can more easily penetrate a company’s defenses using stealth tactics since IT staff are likely not to be as thorough or vigilant when running at a minimum," Sam McLane, head of security engineering at Arctic Wolf, said. "Day-to-day security hygiene will also suffer since many of those tasks are time consuming and tedious."

He explained that reduced security hygiene leads to a more relaxed security posture, creating vulnerabilities that can be exploited and that go unnoticed for longer periods of time.

However, businesses can walk the line between providing work/life balance for IT security staff and ensuring that critical information and infrastructure are protected, by automating routine tasks and implementing strong security controls based on standard frameworks like the SANS 20—a consensus of defensive and offensive security practitioners from the SANS Institute.

"When it comes to managing security with a reduced staff, automation is the only answer," Sebastian Taphanel, solutions architect at, said. "If security inspection, analysis, and remediation are all manual, then your team is probably already struggling to keep up even when everyone is at the office."

He explained that when staffing levels are reduced during the holidays, you are taking on significantly more risk and putting the security and privacy of your data in jeopardy.

"That's why, in today's dynamic modern IT environments, we advocate that organizations automate as much as possible," Taphanel said. "It is the only way to keep up with the pace of change that takes place in your environment, as well as keeping up with the automated attacks that are affecting everyone."

In addition, cloud-based and mobile technologies have helped IT staff and administrators remotely configure corporate email, allowing access to business software applications and retaining control of which data is securely stored in the cloud.

"Mobile technologies have been a huge help to security teams because they provide access as a remote worker," Taphanel said. "You can be at Disneyland and still get visibility into the state of your infrastructure and take steps to remediate risks without leaving the line for Space Mountain."

McLane noted, however, that while mobile technology has made it easier to stay connected, the daily security work required cannot be done on a tablet or smartphone.

"Vigilant security requires accessing and monitoring multiple systems throughout the day, analyzing logs and performing in-depth forensics," he said. "The cloud does allow greater flexibility to access these critical systems."

John Bambenek, threat systems manager at Fidelis Cybersecurity, explained that mobile technology and the cloud have also made it easier to automate and collaborate more efficiently—a critical benefit when employees may be vacationing far from the office.

"As an example, I track dozens of online criminal enterprises and have a system set up so that I get a push notification to my phone every time those actors set up a new command-and-control system," he said. "This allows me to, in turn, notify appropriate law enforcement to do takedowns, issue subpoenas or start wiretaps."

Nathan Eddy, Technology Writer

Tags: cloud security, Internet of Things, mobile security

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
