How IT teams ensure operations and security even during the vacations
While most associate summer with vacations, this is a challenging and risky time for IT teams. Teams are understaffed, but operations must continue without disruption. What can IT teams do to get through this time well?
At the end of June or beginning of July, school vacations began in parts of Switzerland and also in Germany, lasting until well into August. During this phase, many IT employees naturally go on vacation, so teams become smaller. Fewer people have to handle the same amount of work. At no other time of year is the risk of overlooking important events greater, especially as data patterns and ways of working in companies change because employees access company IT from different unsecured WLANs. Quickly checking emails during the vacations has long been commonplace.
Six tips on how to keep IT security high during the vacations
Hackers know that teams are understaffed during the vacations, experts in certain specialties, applications or defenses also take breaks, and users sometimes access data through unauthorized, insecure devices. Statistics for 2022 show that malware activity remained consistently high during the summer months. Mark Molyneux, EMEA CTO at Cohesity, a data security and management service provider, knows this phase from his time on the client side and offers six pieces of advice on how teams can prepare well and reduce the risk to IT.
- Full concentration on operating mode: IT teams should determine that, as far as possible, they will switch to an operational mode during the summer break with the main goal of keeping IT running in its as-is state. Migrations and change processes or intensive rollouts should be postponed to other times. This does not mean completely suspending change processes. But they should be risk-weighted and driven by business criticality.
- Respond to critical patches: In the middle of June, VMware released a patch for a published critical vulnerability in vCenter Server. To properly classify such an event, IT teams should divide their systems and applications into so-called tiered resiliency categories. This allows them to clearly align their patching strategy, recoverability and service levels such as DTO, RPO, RTO to their applications and workloads. If the most critical tier is impacted, which is likely the case for a core element like VMware, teams should prioritize testing and rolling out that patch. Other lower-category incidents, on the other hand, can be triaged and parked until teams are fully staffed again or the respective platform experts are back from vacation. Incidentally, teams will benefit from this categorization throughout the year, as they can weight tasks according to business priority.
- Make consequences transparent: This categorization also helps to better prioritize day-to-day tasks that arise. For example, if backup jobs fail on high-priority systems, teams should be sure to retrigger them to meet their recovery service levels and prevent data loss. Ideally, with modern data management systems, this is handled by an AI-driven automated background process that relieves the IT teams of this entirely.
- Make knowledge gaps transparent: The larger the IT teams, the more members specialize in certain application architectures, systems, or programming languages. Teams should regularly assess their competencies and incorporate the results into staff development plans at least annually. This process is key to narrowing skill gaps or even closing them altogether. Teams should ideally coordinate their absences so that enough generalists can ensure ongoing operations. It remains inevitable that gaps in knowledge will occur during the vacation season because the Python expert is currently at the beach with his family. However, if this is clear within the team, remedial action can be taken for this time and responsibility can be distributed to the rest of the team to reduce the risk to this area.
This organizational matrix should also record which special tasks the team members take on in everyday life. For example, an IT expert might clear the cache of a critical system by hand once a week to prevent the disks from filling up. If this colleague is on vacation, these tasks could fall by the wayside and the system could enter a critical state. This knowledge should be centrally recorded in order to be well prepared in the event of a crisis. Such process legacies can still be found in many companies.
- Plan capacities: In summer, the data pattern in companies and, depending on the industry, user behavior changes dramatically. In a bank, credit card services are in demand in the summer, while mortgages are hardly processed. The load and volume of data will change. AI-powered analytics now help predict these trends and allocate sufficient resources.
- Corporate management should be crisis-proof: Because teams are understaffed, the risk of a successful attack is higher. Boards and general managers should be aware that they will be involved in crisis management in the event of an emergency. Wherever they are in the summer, it will be critical to have all the necessary tools and information at hand to form the crisis team and kick off the process. Otherwise, valuable time will be lost.
"AI can dramatically reduce the enormous burden on IT and security teams during the vacation season by relieving them of many of the important but tedious tasks," said Mark Molyneux. "Providing comprehensive reports and clear and concise next steps gives visibility to operational groups that are usually understaffed for the difficult tasks ahead during the summer. For complex or important tasks, humans additionally intervene. In this way, AI can make a massive contribution to increasing cyber resilience against attacks, which ironically are increasingly being carried out by AI."
Source: Cohesity