Cybercrime is a relevant threat any time of year, but especially during the holidays. The FBI recently issued a warning about rising ransomware attacks on holidays and weekends, a trend that is far from new but growing. As cybercrime continues to rise, holiday cybersecurity needs to improve.
Many of the largest cyberattacks, including the Colonial Pipeline attack, have happened over various holidays. Smaller attacks tend to increase around these times of the year, too. Here are six reasons why.
Perhaps the most straightforward reason behind these cybercrime spikes is the fact that holidays mean fewer in-office employees. If IT teams have any workers in the office, they’ll be skeleton crews. With fewer people available to respond to threats, organizations are more vulnerable.
Even if teams can recognize these threats as they occur, it’ll take longer to respond. By the time security professionals travel from their homes to the office, it may be too late to stop the damage. Cybercriminals know this and will continue to take advantage of it.
Even if workers are present, holiday cybersecurity often falls short of normal standards. The holiday season is typically a busy time for businesses, so workers may be distracted by their other work. In the rush to accomplish other tasks, employees may miss signs of a cyberattack or practice poor cyber hygiene.
Human error contributes to 95% of all data breaches, and these errors are more likely when workers are distracted. As a result, cybercriminals have a higher chance of success if they attack around busy periods like holidays.
Attacks also pick up during the holidays because of the wealth of available data. With 24% of all cyberattacks in 2020 targeting retailers, this trend is easy to understand. As for shopping spikes, companies have more customer data on-hand, so a successful attack would reap higher rewards.
Cybersecurity during online holiday shopping is crucial, as an influx of shoppers make a business a more enticing target. With e-commerce making up an increasingly large portion of retail sales, this trend will likely grow even further.
Similarly, as companies see more business, their networks come under increased strain. This bump in traffic could make them more susceptible to a cyberattack, and criminals understand this. A hacker may slip by unnoticed during busy periods, or new vulnerabilities may open amid slowed, strained networks.
Companies may not prepare for this increase in traffic, causing their networks to slow as they see usage spikes. When that happens, distributed denial of service (DDoS) attacks may be easier to perform. This strain could similarly make it difficult to respond to these attacks.
Another factor in holiday shopping cybersecurity is people’s vulnerability to human engineering attacks. Phishing attempts, in particular, can be remarkably effective during these times, as they’re harder to spot. When users are already receiving many unsolicited emails and promotions, it’s easier to disguise a phishing email.
These attacks are highly profitable, with some instances costing $47 million, so they’re an ideal choice for cybercriminals. Distracted and busy employees during the holidays make the ideal targets, too.
Phishing isn’t the only type of cyberattack that is more likely to succeed around the holidays. Ransomware tends to see a particularly sharp rise, with 89% of organizations experiencing these attacks around holidays in 2021. Part of this is due to the general rise in cybercrime, but stressed companies may be more willing to pay ransoms.
During the busy holiday season, businesses may not have the energy or resources to attempt to recover stolen files. Paying a ransom to get them back quicker may seem more appealing, making these attacks more successful. Cybercriminals may jump on that chance to earn a fast payout.
The importance of holiday cybersecurity may go unnoticed by many companies. But given these risks, businesses must improve their security systems in preparation for the holiday season. Cybersecurity is just as a crucial topic during the holidays as any other time of the year, especially for your business. Taking the time to ensure that you are putting in advanced security practices such as Next-Gen SIEM and SOAR will help keep the holiday season safe.
Cyber threat intelligence is the process through which companies identify weaknesses in their own networks.
Therefore, SIEM solutions are considered one of the most prominent components of cyber security.