Cybercriminals strike understaffed organizations on weekends and holidays

Dive Brief:

• More than one-third of respondents said it took their organization longer to assess the scope, stop and recover from a holiday or weekend attack compared to a weekday, according to a Cybereason survey published Wednesday. Larger organizations with more than 2,000 employees were even more likely to experience delays.
• Organizations would lose more money as a result of a ransomware attack on a weekend or holiday than they were a year ago, according to Cybereason. One-third of respondents said their organization lost more money from a holiday or weekend ransomware attack, up from 13% in 2021.
• Organizations in education and travel and transportation reported a greater likelihood of financial losses from a holiday or weekend attack instead of a weekday. About 2 in 5 respondents in those industries said their organization suffered a larger economic impact.

Dive Insight:

Cybercriminals don’t take breaks when it's convenient to defenders. While many professionals are working for the weekend, threat actors can exploit time off as a weakness and strike when organizations are understaffed and significantly less prepared to detect and respond to attacks.

“Ransomware actors tend to strike on holidays and weekends because they know companies’ human defenses often aren’t as robust at those times,” Lior Div, Cybereason CEO and co-founder, said in a statement. “It allows them to evade detection, do more damage and steal more data as security teams scramble to mobilize a response.”

Nearly half of all respondents said their organizations are staffed at levels below 33% on holidays and weekends.

“The overall success cybercriminals have attacking on holidays and weekends leads to them more aggressively targeting companies during these times as a way to further fuel their criminal empires,” Div said.

Organizations in the education sector were the slowest to respond and most likely to suffer financial losses from a holiday or weekend attack. More than half of cybersecurity professionals in education said it took longer to assess the scope of an attack and 2 in 5 said it took longer to respond.

In the most high-profile ransomware attack in education this year, the Los Angeles Unified School District discovered a cyberattack in progress at 10:30 p.m. on the Saturday leading into Labor Day. 

Vice Society, the prolific ransomware group behind the attack, released about 250,000 files of stolen data on the dark web, some containing Social Security numbers, contracts, W-9 tax forms, invoices and passports. 

Ransomware was cited as the predominant cyberthreat in Cybereason’s report. Half of all respondents across all industries and geographies said their security operation centers are most frequently trying to resolve ransomware attacks.

Cybereason commissioned Censuswide to survey more than 1,200 cybersecurity professionals between September and October 2022. Each of the respondents work at medium to large businesses that experienced one or more ransomware attacks during a holiday or weekend in the previous year.

Comments are closed.