Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Cybercrime Takes No Vacations

And Neither does Cyber Resilience

by Brian Bochner , VP, Marketing
Published

Threat actors are opportunistic. 

Research by Darktrace in 2021 observed that cybercrime increased by 30% over the holidays compared to a monthly average. This was represented within Resilience’s internal data in 2021; notices increased by 4x in the month of December and 2x in October and November compared to our monthly average. 

However, Resilience’s internal data shows that as of 2022, cybercrime has become less seasonal and more consistent month over month

While in the past we have recognized a spike in cybercriminal activity over the holidays, Resilience’s data shows that claims notices in 2022 and 2023 are more contingent on geopolitical forces and large-scale incidents than on the time of year. 

The most active months for cybercrime in 2022 within our portfolio were May, June, and December. The fallout of the Russian invasion of Ukraine in February 2022 led to a dip in late winter, followed by an increase in cyber activity in late Spring/early Summer. In line with traditional trends, December 2022 remained one of the most active months. However, instead of a 4x increase on the month-to-month average, December 2022 saw less than 2x more cyber attacks than the monthly average. 

Given that data indicates cybercrime has a less seasonal correlation, it is always important to maintain best security practices and vigilance when the workforce is out for vacation. To help organizations keep their networks safe while enjoying the holiday season, Resilience has compiled this list of traditionally seasonal cybersecurity challenges and corresponding strategies to avoid them. 

Unsecured Network Usage 

While employees travel and work remotely, the threat of being hacked through public Wi-Fi heightens. Locations such as hotels, airports, coffee shops, and other hubs with free, unsecured Wi-Fi are hot spots for threat actors to gain unsolicited access to accounts. Several tactics can be deployed through an unsecured Wi-Fi network, such as “evil twin” attacks, password cracking, man-in-the-middle attacks, packet sniffing attacks, security vulnerabilities/misconfigurations, and more. 

To prevent any and all of these incidents, avoid using unsecured Wi-Fi networks whenever possible. If you must use an unsecured network, be sure you have a VPN installed on your devices. VPNs encrypt your data so it can’t be seen or stolen. 

Phishing Scams

Holiday phishing attempts are designed to trigger quick reactions from employees. They may appear to come from a member of leadership asking for urgent action or pose as well-known IT companies with phony security issues. Threat actors can access applications or systems once their false link is used or login credentials are entered. 

The best way to avoid phishing scams is through extensive employee training and awareness when clicking links and opening emails. Human error accounts for 88% of data breaches. Some email security systems monitor and flag suspicious emails, but these systems are not bulletproof and still require attentiveness and training. Phishing scams create a false sense of urgency to provoke someone to act quickly and without much thought. Always take the time to verify the sender of an email before clicking on any link, especially if it seems unusual or urgent. 

Ransomware 

Ransomware incidents have a massive impact on an organization’s ability to deliver value at any point in the year. However, for some industries such as manufacturers, retail, hospitality, and travel, business interruption during the holidays can significantly impact their bottom line. This pressure to deliver value and regain operationality puts even more stress on the organization to pay a ransom. 

Experiencing a ransomware incident over the holidays with a reduced workforce can lead to slower detection, longer investigation and greater damage to the organization. A ransomware study from Cybereason found that attacks occurring on weekends and holidays led to higher costs and greater revenue losses than attacks that occurred on weekdays. 

Building resilience against threats such as ransomware requires collaboration across risk management, security, and financial leadership, strong incident response strategies, and close internal monitoring. Resilience’s solution has been proven to help make clients more resilient against financial losses through extortions. Just 15% of our client base impacted by a ransomware event chose to pay an extortion fee in the first half of 2023. 

Strained Network

Depending on the industry, many organizations experience an influx of web traffic during the holidays. This influx can place IT’s focus more on the site’s experience and less on vulnerabilities or misconfigurations that may arise. But the strain on the workforce is the driving factor behind these risks. Threat actors recognize that most of the regular staff is out on vacation during the holidays, creating the prime opportunity to initiate a cyber attack that goes unnoticed until the damage has been done. 

DDoS (distributed denial of service) attacks are incredibly popular around the holidays for this reason. Overwhelming a target’s networks or servers when the IT team is already overworked and understaffed is a prime time for threat actors to instigate a DDoS incident, especially if the organization relies on its website for sales and operations. Reduce the risk of a DDoS attack by taking measures to reduce your attack surface and remain vigilant for signs of abnormal web traffic. Consider bandwidth (or transit) capacity and server capacity to absorb and mitigate potential large-scale DDoS attacks. 

Reputational Damage 

Holiday scams can impact your organization’s reputation even if threat actors do not touch your network or systems. Should threat actors invoke your organization’s name to send phishing emails or advertise false sales, the initial reaction from clients can be to assume that your organization is at fault or experiencing a breach. Experiencing an incident can lead to a lack of trust and decreased sales for the season or beyond. 

Should your company be spoofed for a phishing scam, reduce potential reputational damage by being transparent and promptly addressing and reporting the incident. Notify law enforcement and customers of the scam and provide resources to any impacted individuals.  

While incident data shows that cyber attacks are becoming less seasonal, cybercrime doesn’t take vacations. Make sure that when your team takes a break, you plan for cyber resilience. 

The Resilience Solution is designed to help security, risk management and financial leadership manage their cyber risk through enhanced security visibility combined with dynamic insurance policies. Our capabilities allow us to quickly share data around evolving market trends and offer corresponding strategies to respond effectively. 

You might also like

Breaking Lemonade: Understanding Value at Risk

I talk a lot about value-at-risk among my colleagues, with our customers, and the broader market. Value-at-risk may be the single most important measure to grasp, without which one cannot accurately measure risk transfer, excess risk, risk acceptance, and return on controls. Yet, these are all important concepts that leadership in modern organizations need to […]

Would you fall for a live deepfake?

The Office of Senate Security revealed last week that the head of the Senate Foreign Relations Committee was targeted in a deep fake video call. An unknown person, claiming to be the former Ukrainian Minister of Foreign Affairs, Dmytro Kuleba, lured the Senator onto a Zoom call. The attack was thwarted when the Senator and […]

Artificial Intelligence for Cyber Resilience

AI tools are shifting the calculus for cyber defense by enhancing key areas such as vulnerability mapping, breach detection, incident response, and penetration testing. This integration could help an organization bolster its cyber resilience against an ever-evolving threat landscape. AI tools could automate the discovery and monitoring of vulnerabilities, providing real-time updates of an organization’s […]

cyber resilience framework

AI and Misuse

Welcome to part two in our series on AI and cyber risk. Be sure to read the first installment “What you need to know: Artificial Intelligence at the Heart of Cyber,” here. Key takeaways Background In February 2024, OpenAI – in collaboration with Microsoft— tracked adversaries from Russia, North Korea, Iran, and China, leveraging their […]

cyber resilience framework

Cybersecurity Incidents & Trends in Canada

Executive Summary Emerging cyber threats increasingly target Canadian organizations, government agencies, and individuals, with recent attacks revealing sophisticated tactics by threat actors. Threat actors delivered the Formbook infostealer to companies via emails that posed as job candidates. Meanwhile, the Chameleon Trojan attacked Canadian financial institutions and a restaurant chain by masquerading as legitimate apps. Cybercriminals […]

Digital Risk: Enterprises Need More Than Cyber Insurance

What you need to know: Artificial Intelligence at the Heart of Cyber

As AI technologies become more embedded in cyber strategies, they enhance the capabilities of threat actors while also offering innovative defenses to organizations [1]. AI tools can amplify adversaries’ traditional Techniques, Tools, and Procedures (TTPs) by automating the generation of sophisticated threats such as polymorphic malware — which can dynamically alter its code to evade […]