‘Tis The Season For Ransomware: New Report Shows Spikes During Holidays

Organizations may experience security staffing challenges outside traditional business hours.

Bah humbug. A new report released by identity cyber resilience company Semperis revealed a significant uptick in ransomware attacks against organizations during the holiday season.

Semperis’ “2024 Ransomware Holiday Risk Report” found that 86 percent of organizations surveyed in the U.S., UK, France and Germany, were targeted by ransomware on a holiday or weekend.

One reason the report suggests is that security staffing is reduced during those periods. Among U.S. organizations surveyed for the report, 90 percent said they reduced security staff by as much as 50 percent during the holiday season and weekends.

“It is human nature for services not to be as strong on the weekends, as many [organizations maintain] the mindset of the workweek. ... And when staffing levels decrease, naturally the fallout could be systems that are more vulnerable to breach,” the said Ciaran Martin, CB, managing director at Paladin Capital Group and founding executive of the UK’s National Cyber Security Centre, in the report.

There are other takeaways from the report, which surveyed 900 IT and security leaders across the globe.

One highlight from the report is the revelation that ransomware attacks increase when an organization has a major business event like an IPO, merger/acquisition or workforce restructuring. Semperis’ researchers refer to these events as “useful distractions” for attackers to strike. Sixty-three percent of organizations surveyed experienced a ransomware attack during one of these events.

There also seems to be a disconnect from how organizations perceive their security defenses and reality. Eighty-one percent of respondents said they have the necessary expertise to protect their organizations against attacks—in particular, identity-related attacks—but 83 percent suffered a ransomware attack in the past year.

The sectors that suffered the biggest onslaught of ransomware attacks during holidays and weekend include education, finance, manufacturing, health care, travel/transportation and IT/telecom, according to the report.

Five percent of respondents said they had no security operations center staff scheduled during holidays and weekends, the report revealed.

Semperis researchers outlined some steps IT and security leaders can take to shore up their security around the clock:

• Ensure C-level leaders are on board with the notion that ransomware defense and identity security are business priorities.
• Look to Identity Threat and Detection Response (ITDR) solutions that can help offset staffing challenges.

• To decrease the threat of identity-based attacks, “Active Directory security should be a core aspect of every merger or acquisition,” the researchers advised. “Nothing in the other entity’s network should touch yours until you’ve had a chance to assess their cyber assets,” said Jeff Wichman, director of incident response, Semperis, in the report.

Read the full Semperis 2024 Ransomware Holiday Report.