Continuous monitoring and governance: AWS best practices for keeping your data secure during the holidays

As we approach the end of 2024, cybersecurity and information technology (IT) professionals are reflecting on a year filled with unprecedented challenges and opportunities to improve processes. State and local government organizations have faced numerous threats, from man-made and climate-related risks to third-party breaches and incidents. Throughout it all, they’ve maintained critical services for residents while adapting to an ever-evolving threat landscape. As we look ahead to 2025, it’s crucial to maintain vigilance, especially during the holiday season, when cybersecurity risks tend to escalate. Many organizations use Amazon Web Services (AWS) to enhance their security posture and improve resilience. In this post, we discuss the AWS best practices for securing your data during the holiday season.

Cybersecurity risk increases during the holiday season

The US Department of Homeland Security warns that the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have observed a significant increase in high-impact ransomware attacks during holidays and weekends when offices are typically closed.

Several factors contribute to the increased cybersecurity risk during the holiday season, including:

• Organizations experience reduced staffing as government employees take well-deserved time off.
• The surge in online activity creates more opportunities for scams and attacks.
• Bad actors use new technologies such as generative artificial intelligence (AI) to craft more convincing phishing campaigns and social engineering attacks.
• There are fewer eyes on systems, allowing attackers more time to move laterally within networks before detection.

In 2024, there was a dramatic rise in the sophistication of AI-powered attacks. Generative AI has been increasingly used to create highly personalized and convincing phishing emails, making it harder for even trained employees to distinguish between legitimate and malicious communications. Additionally, we’ve observed a surge in AI-driven voice phishing attacks, known as vishing, and the rise of deepfake technology in social engineering attacks.

To address these challenges, many organizations are taking advantage of AWS security services to maintain continuous monitoring and threat detection, including during periods of reduced staffing.

Best practices for maintaining a strong security posture during the holidays

To maintain a strong security posture during the holidays, organizations should focus on three key areas: training the human, tuning the systems, and automating where possible. Using the National Institute of Standards and Technology (NIST) cybersecurity framework as a template, follow these five steps to prepare for the upcoming holiday season:

1. Continuously educate through end-user training. Emphasize continuous cyber education, reminding users of potential adversarial activities, such as social engineering attacks that involve gift cards and charity. Conduct phishing exercises as part of end-of-year training and after the holidays to keep cybersecurity and privacy top of mind.

2. Conduct continuous analysis through threat hunting and monitoring. Implement robust monitoring and alerting systems for both on premises and AWS environments. Tools such as Amazon GuardDuty, Amazon CloudWatch, AWS Security Hub, and AWS CloudTrail can be configured to monitor critical resources and set up alerts for any issues or deviations from normal operational parameters. Regularly review security logs, alerts, and threat intelligence feeds for suspicious activity or indications that systems have been compromised.

3. Re-evaluate your on-call communication and rotation plan. Assign teams or individuals to be on-call to respond to alerts or incidents and include appropriate escalation paths. Create an on-call rotation schedule and make sure that everyone is aware of their responsibilities. Services such as AWS incident detection and response (IDR) are available for AWS enterprise support customers. They continuously monitor workloads and engagement in anticipation of critical incidents.

4. Prepare for incidents. Develop comprehensive incident response plans and procedures to handle potential outages or incidents during the holidays. Document the necessary steps, including escalation procedures, communication protocols, and the recovery processes. Make sure that teams have access to the documentation, tools, and resources they need to effectively troubleshoot and resolve issues. Services such as AWS Security Incident Response are available for AWS enterprise support customers.

5. Continuously improve. After the holiday period, thoroughly review your processes for security monitoring and threat hunting. Analyze any incidents or threats that occurred and identify areas for improvement. Update security policies, procedures, and tools based on the lessons you learned to stay ahead of emerging threats and maintain a robust security posture.

AWS offers a range of services to help organizations implement robust continuous monitoring strategies, including Amazon GuardDuty, AWS Security Hub, AWS CloudTrail, AWS Config, and Amazon Security Lake. In 2024, AWS introduced enhanced AI and machine learning (ML) capabilities in Amazon GuardDuty and Security Hub, improving their ability to detect and respond to sophisticated, AI-driven attacks.

With remote and hybrid work models now firmly established, organizations must pay special attention to securing their distributed workforce as part of the overall security strategy. Consider implementing multi-factor authentication (MFA) for all remote access, email filtering services, prioritized patch management strategy, virtual private networks (VPNs) regular security awareness training specific to remote work risks, and endpoint detection and response (EDR)/managed endpoint detection and response (MDR) solutions on all devices that access corporate resources.

After the holiday season, conduct a comprehensive security review by analyzing all security logs and alerts, reviewing the effectiveness of incident response procedures, assessing the performance of security tools and services, gathering feedback from security team members, identifying gaps in coverage, and updating security strategies based on your findings.

Maintain security for ongoing compliance

Upholding security during the holidays is not only about protecting against threats; it’s also about maintaining ongoing compliance with regulations such as HIPAA, FISMA, and state-specific data protection laws. Make sure that your holiday security measures align with these compliance requirements and document all security activities and incidents for auditing purposes.

As we enter the holiday season and look ahead to 2025, it’s crucial for state and local government organizations to maintain heightened vigilance against cyber threats. By implementing continuous monitoring, leveraging automation, and using advanced AWS security services, organizations can enjoy the festivities while keeping their data secure. Remember that cybersecurity is a year-round commitment, but the holidays need extra attention. With the right preparation and tools in place, you can celebrate the new year with confidence in your organization’s security posture.

To learn more about how AWS can help, register for the Continuous Monitoring and Governance webinar in late January.