Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Cybercrime Takes No Vacations

And Neither does Cyber Resilience

by Laura Hiserodt , Staff Writer
Published

Threat actors are opportunistic. 

Research by Darktrace in 2021 observed that cybercrime increased by 30% over the holidays compared to a monthly average. This was represented within Resilience’s internal data in 2021; notices increased by 4x in the month of December and 2x in October and November compared to our monthly average. 

However, Resilience’s internal data shows that as of 2022, cybercrime has become less seasonal and more consistent month over month

While in the past we have recognized a spike in cybercriminal activity over the holidays, Resilience’s data shows that claims notices in 2022 and 2023 are more contingent on geopolitical forces and large-scale incidents than on the time of year. 

The most active months for cybercrime in 2022 within our portfolio were May, June, and December. The fallout of the Russian invasion of Ukraine in February 2022 led to a dip in late winter, followed by an increase in cyber activity in late Spring/early Summer. In line with traditional trends, December 2022 remained one of the most active months. However, instead of a 4x increase on the month-to-month average, December 2022 saw less than 2x more cyber attacks than the monthly average. 

Given that data indicates cybercrime has a less seasonal correlation, it is always important to maintain best security practices and vigilance when the workforce is out for vacation. To help organizations keep their networks safe while enjoying the holiday season, Resilience has compiled this list of traditionally seasonal cybersecurity challenges and corresponding strategies to avoid them. 

Unsecured Network Usage 

While employees travel and work remotely, the threat of being hacked through public Wi-Fi heightens. Locations such as hotels, airports, coffee shops, and other hubs with free, unsecured Wi-Fi are hot spots for threat actors to gain unsolicited access to accounts. Several tactics can be deployed through an unsecured Wi-Fi network, such as “evil twin” attacks, password cracking, man-in-the-middle attacks, packet sniffing attacks, security vulnerabilities/misconfigurations, and more. 

To prevent any and all of these incidents, avoid using unsecured Wi-Fi networks whenever possible. If you must use an unsecured network, be sure you have a VPN installed on your devices. VPNs encrypt your data so it can’t be seen or stolen. 

Phishing Scams

Holiday phishing attempts are designed to trigger quick reactions from employees. They may appear to come from a member of leadership asking for urgent action or pose as well-known IT companies with phony security issues. Threat actors can access applications or systems once their false link is used or login credentials are entered. 

The best way to avoid phishing scams is through extensive employee training and awareness when clicking links and opening emails. Human error accounts for 88% of data breaches. Some email security systems monitor and flag suspicious emails, but these systems are not bulletproof and still require attentiveness and training. Phishing scams create a false sense of urgency to provoke someone to act quickly and without much thought. Always take the time to verify the sender of an email before clicking on any link, especially if it seems unusual or urgent. 

Ransomware 

Ransomware incidents have a massive impact on an organization’s ability to deliver value at any point in the year. However, for some industries such as manufacturers, retail, hospitality, and travel, business interruption during the holidays can significantly impact their bottom line. This pressure to deliver value and regain operationality puts even more stress on the organization to pay a ransom. 

Experiencing a ransomware incident over the holidays with a reduced workforce can lead to slower detection, longer investigation and greater damage to the organization. A ransomware study from Cybereason found that attacks occurring on weekends and holidays led to higher costs and greater revenue losses than attacks that occurred on weekdays. 

Building resilience against threats such as ransomware requires collaboration across risk management, security, and financial leadership, strong incident response strategies, and close internal monitoring. Resilience’s solution has been proven to help make clients more resilient against financial losses through extortions. Just 15% of our client base impacted by a ransomware event chose to pay an extortion fee in the first half of 2023. 

Strained Network

Depending on the industry, many organizations experience an influx of web traffic during the holidays. This influx can place IT’s focus more on the site’s experience and less on vulnerabilities or misconfigurations that may arise. But the strain on the workforce is the driving factor behind these risks. Threat actors recognize that most of the regular staff is out on vacation during the holidays, creating the prime opportunity to initiate a cyber attack that goes unnoticed until the damage has been done. 

DDoS (distributed denial of service) attacks are incredibly popular around the holidays for this reason. Overwhelming a target’s networks or servers when the IT team is already overworked and understaffed is a prime time for threat actors to instigate a DDoS incident, especially if the organization relies on its website for sales and operations. Reduce the risk of a DDoS attack by taking measures to reduce your attack surface and remain vigilant for signs of abnormal web traffic. Consider bandwidth (or transit) capacity and server capacity to absorb and mitigate potential large-scale DDoS attacks. 

Reputational Damage 

Holiday scams can impact your organization’s reputation even if threat actors do not touch your network or systems. Should threat actors invoke your organization’s name to send phishing emails or advertise false sales, the initial reaction from clients can be to assume that your organization is at fault or experiencing a breach. Experiencing an incident can lead to a lack of trust and decreased sales for the season or beyond. 

Should your company be spoofed for a phishing scam, reduce potential reputational damage by being transparent and promptly addressing and reporting the incident. Notify law enforcement and customers of the scam and provide resources to any impacted individuals.  

While incident data shows that cyber attacks are becoming less seasonal, cybercrime doesn’t take vacations. Make sure that when your team takes a break, you plan for cyber resilience. 

The Resilience Solution is designed to help security, risk management and financial leadership manage their cyber risk through enhanced security visibility combined with dynamic insurance policies. Our capabilities allow us to quickly share data around evolving market trends and offer corresponding strategies to respond effectively. 

About the Author
Laura Hiserodt , Staff Writer

Laura is a content writer at Resilience. Though new to the cybersecurity industry, she works closely with our most tenured experts to produce well-researched and informative content for Resilience’s blogs, reports, and more. She holds a BA in English and Business Marketing from University of Colorado, Boulder.

You might also like

Resilience Threat Researchers Identify New Campaigns from Scattered Spider

Following their attacks on MGM and Caesars’ casinos, threat actor group Scattered Spider is believed to be behind attacks on multiple companies in the finance and insurance industries. Using convincing lookalike domains and login pages as well as efficiently timed attacks, the group is aggressively targeting a wider array of companies. We have also observed […]

Breach and Attack Simulations: A Proactive Approach to Loss Prevention 

Today’s CISOs and risk managers need to see around corners to proactively reduce risks before they turn into losses. Increasingly, CISOs also answer directly to the board of directors. No matter how tight you think your controls are or how big your budget is, I promise you things are happening in your environment that you […]

Seven Essential Steps to Vulnerability Management: Learnings from the Ivanti Exposures  

In light of the most recent Ivanti vulnerability, the importance of a robust vulnerability management strategy and incident response plan has never been clearer.  The Ivanti vulnerabilities, particularly CVE-2024-22024, unveiled on February 8th, 2024, serve as a stark reminder of the relentless nature of cyber threats. These vulnerabilities, which allow unauthenticated, remote attackers to access […]

Five Predictions on the State of Cyber Claims in 2024

Unravel the complexities of cyber risk with the 2023 Mid-Year Claims Report by Resilience. Dive into our analysis and predictions for the cyber insurance industry in 2024, including the pivotal role of AI and regulatory changes.

Knowing Your Risk Surface: A Risk-Focused Approach to Incident Response

After decades of more damaging and less predictable cyber attacks, modern cybersecurity practitioners have recognized the critical need to incorporate more risk-based approaches to their planning efforts. However, despite the continuing advances within the cybersecurity field, analytics firms are noting record years for cybercriminals and breaches against some of the most well-defended organizations in the […]