Holidays throughout the year pose unique opportunities for cybercriminals to capitalize on increased online activity and understaffed IT teams. Two of 2021’s most infamous cyberattacks transpired on holiday weekends. On the eve of Mother’s Day, DarkSide ransomware hit Colonial Pipeline, one of the U.S.’s largest fuel pipelines; during the Memorial Day weekend, an attack on JBS Foods, the world’s largest meat supplier, completely froze production. The two events alone resulted in more than $15 million paid to attackers.
The winter months are chock-full of holidays, giving the season inherent potential to see major cyberattack surges. Just this past Labor Day weekend, two major attacks shut down the Los Angeles Unified School District and InterContinental Hotels Group, resulting in extremely costly downtime. As we enter the holiday season, organizations must stay vigilant to mitigate risk and sidestep cyberattacks, even in the midst of holiday merriment.
Why holidays = surges
The holidays are an incredibly vulnerable time for a number of reasons. Lessened IT staffing is probably the number one factor. Employees take well-deserved time off for the holidays to travel, celebrate, and be with loved ones, but this leaves understaffed teams—and cybercriminals know that. Responses to any incidences may be delayed or even compromised. One study found that 70% of respondents confessed to being intoxicated while attempting to manage a ransomware attack during a weekend or holiday.
Second, more online activity means more opportunity for cyber criminals. Online shopping reaches its peak volume during the holidays, generally with Black Friday as the kickoff. Elaborate phishing ruses use irresistible holiday sales to seal the deal. It takes just one employee and a bad link to compromise an entire organization’s data ecosystem.
Companies remain vulnerable
The lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on organizations, with 60% of respondents saying they resulted in longer periods to assess the scope of an attack, 50% saying they required more time to mount an effective response, and 33% indicating they required a longer period to fully recover from the attack, according to Cybereason’s holiday ransomware report.
The report also revealed that more than a third (36%) of companies said there was no specific contingency plan to respond to the ransomware attack their organizations suffered, and almost a quarter (24%) of organizations still don’t have plans in place despite having been victims of successful attacks in the past.
Protect your company this holiday season
Companies should evaluate their mitigation strategies and practice healthy cybersecurity hygiene on an ongoing basis. Team up with a managed security services provider to help ease the burden of staying up-to-date with best practices. MSPs can augment your IT team and assist with:
- Educating employees on risk management tools and the latest threats
- Implementing multi-factor authentication across the organization
- Backing up and securing sensitive data
- And more
It’s important to create and maintain a disaster recovery plan to quickly restore IT infrastructure and business operations. Continually test and update the plan to make sure it accounts for your dynamic environment and ensure that key personnel can be reached if an attack occurs, even during a holiday. To begin evaluating your surge readiness, contact Pacxa today.