The festive holidays are almost here. Pretty soon, many of us will be sticking on our “out of office” and settling in for a few days of well-earned rest. But the same is not necessarily true of threat actors. In fact, they may spy a perfect opportunity to compromise your IT systems if the corporate security team is also likely to be spending time with friends and family. It has happened many times before, especially with ransomware attacks.

That’s why your organization needs a coherent plan for managing cybersecurity 24/7 throughout the year, including across the entire festive period. Putting in place the right people, processes and technology to mitigate cyber-risk is critical.

While you were sleeping

While big-name breaches continue to make the headlines with alarming regularity, the macro-trend is of ransomware payment rates declining. Research reveals that around a third (36%) of victims elected to pay in Q2 2024, down from around 80% five years previously. This means that, when it comes to ransomware at least, threat actors are always looking for new ways to make their attacks more effective. And launching those attacks during public holidays, at night and/or at the weekend is the perfect way to do so.

One study claims that ransomware attacks increase by 30% during public holidays and weekends. Another reveals that 89% of security professionals are concerned about such an eventuality. A third claims that most ransomware attacks now occur between the hours of 1am and 5am local time, as cybercriminals look to achieve the same end goal – catching the victim organization understaffed and unawares.

There are plenty of historic examples of ransomware attacks occurring during public holidays:

  • The Colonial Pipeline breach by the DarkSide ransomware group occurred in May 2021 during the lead-in to the Mother’s Day weekend in the US. It resulted in a week-long operational outage and fuel shortages up and down the East coast
  • The massive ransomware attack against food giant JBS occurred over the Memorial Day weekend, forcing the firm to pay an $11m ransom
  • A Fourth of July holiday weekend attack by the Sodinokibi/REvil ransomware group targeted MSP software provider Kaseya, impacting 2,000 downstream customers in 17 countries

Yet it’s not just cybercrime that security leaders must think about during the festive season. There’s also the possibility, albeit rarer, of state-sponsored attacks. It should be remembered that the countries where many attacks originate, from China and North Korea to Russia and Iran, either don’t celebrate Christmas or do so at a different time to the West.

Why it matters

For businesses that are typically busy during the festive holiday period, like retailers, hospitality firms and warehouse operators, a serious cyberattack could have a significant impact on the bottom line and corporate reputation. But the truth is that any organization could suffer.

Put simply, the longer it takes you to respond to a ransomware threat, the more likely it is that your adversary is able to steal large quantities of sensitive data, and possibly even deploy a ransomware payload. Ransomware groups continue to get faster at moving from initial access to encryption and data exfiltration. Add in the extra time needed to get security team members into the office and/or online, and you have a potential recipe for disaster.

Even if key team members do get to the office in quick time, they may not be able to help much. One study claims that 71% of security professionals admit being intoxicated when responding to a ransomware attacks at the weekend or during holidays. A serious out-of-hours breach could:

  • Impact staff productivity (assuming there are employees working in other regions over the period)
  • Significantly disrupt production/business operations
  • Take public-facing sites offline, reducing profits and damaging the brand
  • Invite regulatory scrutiny and create compliance challenges

Ransomware is by far the only threat facing your organization this festive period. Other risks you may need to mitigate include:

  • Phishing and targeted data theft
  • Business email compromise (BEC)
  • DDoS attacks – especially important for retailers at this time of year

Mitigating Christmas season cyber risk

According to one study, 37% of organizations don’t have contingency plans in place to respond to ransomware attacks at weekend and during holiday periods. And thanks to remote working, cyber threats could theoretically happen at any time, including non-traditional office hours, especially if your organization spans different time zones.

Consider the following tips to mitigate the risk of a festive security breach:

  • Continuous, automated risk-based patching to reduce the attack surface
  • Penetration tests to check for vulnerabilities before the festive break
  • Mandating multi-factor authentication (MFA) and strong unique passwords (ideally stored in a password manager) to mitigate phishing and log-in threats
  • Data encryption, so that even if hackers reach your Crown Jewels, they will not be able to monetize any stolen data
  • Processes in place to mitigate BEC risk (such as having at least two people sign off on any money transfers)
  • Ensure suppliers are audited and held to the same security standards as your organization
  • Have an incident response plan in place in case of a holiday breach, so that everyone knows their roles and responsibilities
  • Multi-layered security software covering endpoint, email, server and cloud
  • Training and awareness programs to ensure staff can spot phishing attempts and understand rules around secure remote working
  • Have a plan in place for escalating security incidents to key personnel, even if they're on holiday

Cybercriminals are a determined bunch, with no regard for the holiday schedule of your security team. You’re better off planning for the worst-case scenario today, than risking it and potentially exposing your organization to a Christmas break from hell.