Threat actors are opportunistic.
Research by Darktrace in 2021 observed that cybercrime increased by 30% over the holidays compared to a monthly average. This was represented within Resilience’s internal data in 2021; notices increased by 4x in the month of December and 2x in October and November compared to our monthly average.
However, Resilience’s internal data shows that as of 2022, cybercrime has become less seasonal and more consistent month over month.
While in the past we have recognized a spike in cybercriminal activity over the holidays, Resilience’s data shows that claims notices in 2022 and 2023 are more contingent on geopolitical forces and large-scale incidents than on the time of year.
The most active months for cybercrime in 2022 within our portfolio were May, June, and December. The fallout of the Russian invasion of Ukraine in February 2022 led to a dip in late winter, followed by an increase in cyber activity in late Spring/early Summer. In line with traditional trends, December 2022 remained one of the most active months. However, instead of a 4x increase on the month-to-month average, December 2022 saw less than 2x more cyber attacks than the monthly average.
Given that data indicates cybercrime has a less seasonal correlation, it is always important to maintain best security practices and vigilance when the workforce is out for vacation. To help organizations keep their networks safe while enjoying the holiday season, Resilience has compiled this list of traditionally seasonal cybersecurity challenges and corresponding strategies to avoid them.
Unsecured Network Usage
While employees travel and work remotely, the threat of being hacked through public Wi-Fi heightens. Locations such as hotels, airports, coffee shops, and other hubs with free, unsecured Wi-Fi are hot spots for threat actors to gain unsolicited access to accounts. Several tactics can be deployed through an unsecured Wi-Fi network, such as “evil twin” attacks, password cracking, man-in-the-middle attacks, packet sniffing attacks, security vulnerabilities/misconfigurations, and more.
To prevent any and all of these incidents, avoid using unsecured Wi-Fi networks whenever possible. If you must use an unsecured network, be sure you have a VPN installed on your devices. VPNs encrypt your data so it can’t be seen or stolen.
Holiday phishing attempts are designed to trigger quick reactions from employees. They may appear to come from a member of leadership asking for urgent action or pose as well-known IT companies with phony security issues. Threat actors can access applications or systems once their false link is used or login credentials are entered.
The best way to avoid phishing scams is through extensive employee training and awareness when clicking links and opening emails. Human error accounts for 88% of data breaches. Some email security systems monitor and flag suspicious emails, but these systems are not bulletproof and still require attentiveness and training. Phishing scams create a false sense of urgency to provoke someone to act quickly and without much thought. Always take the time to verify the sender of an email before clicking on any link, especially if it seems unusual or urgent.
Ransomware incidents have a massive impact on an organization’s ability to deliver value at any point in the year. However, for some industries such as manufacturers, retail, hospitality, and travel, business interruption during the holidays can significantly impact their bottom line. This pressure to deliver value and regain operationality puts even more stress on the organization to pay a ransom.
Experiencing a ransomware incident over the holidays with a reduced workforce can lead to slower detection, longer investigation and greater damage to the organization. A ransomware study from Cybereason found that attacks occurring on weekends and holidays led to higher costs and greater revenue losses than attacks that occurred on weekdays.
Building resilience against threats such as ransomware requires collaboration across risk management, security, and financial leadership, strong incident response strategies, and close internal monitoring. Resilience’s solution has been proven to help make clients more resilient against financial losses through extortions. Just 15% of our client base impacted by a ransomware event chose to pay an extortion fee in the first half of 2023.
Depending on the industry, many organizations experience an influx of web traffic during the holidays. This influx can place IT’s focus more on the site’s experience and less on vulnerabilities or misconfigurations that may arise. But the strain on the workforce is the driving factor behind these risks. Threat actors recognize that most of the regular staff is out on vacation during the holidays, creating the prime opportunity to initiate a cyber attack that goes unnoticed until the damage has been done.
DDoS (distributed denial of service) attacks are incredibly popular around the holidays for this reason. Overwhelming a target’s networks or servers when the IT team is already overworked and understaffed is a prime time for threat actors to instigate a DDoS incident, especially if the organization relies on its website for sales and operations. Reduce the risk of a DDoS attack by taking measures to reduce your attack surface and remain vigilant for signs of abnormal web traffic. Consider bandwidth (or transit) capacity and server capacity to absorb and mitigate potential large-scale DDoS attacks.
Holiday scams can impact your organization’s reputation even if threat actors do not touch your network or systems. Should threat actors invoke your organization’s name to send phishing emails or advertise false sales, the initial reaction from clients can be to assume that your organization is at fault or experiencing a breach. Experiencing an incident can lead to a lack of trust and decreased sales for the season or beyond.
Should your company be spoofed for a phishing scam, reduce potential reputational damage by being transparent and promptly addressing and reporting the incident. Notify law enforcement and customers of the scam and provide resources to any impacted individuals.
While incident data shows that cyber attacks are becoming less seasonal, cybercrime doesn’t take vacations. Make sure that when your team takes a break, you plan for cyber resilience.
The Resilience Solution is designed to help security, risk management and financial leadership manage their cyber risk through enhanced security visibility combined with dynamic insurance policies. Our capabilities allow us to quickly share data around evolving market trends and offer corresponding strategies to respond effectively.