For most people, the holiday season is the best time to reconnect with family, enjoy some well-deserved rest, and eat tasty homemade food. But for cybercriminals, it is the perfect time to strike.
In fact, research suggests that cyberattacks surge between Christmas and New Year’s, when both individuals and companies have their guards down.
Do Cyberattacks Increase Over Christmas?
In recent years, cybercriminals have relied on ransomware to attack their victims. This type of malware locks or encrypts files on a system until a ransom is paid, thus maximizing the chances of generating revenue.
Researchers at the UK-based cybersecurity company Darktrace released a report in December 2021 showing that ransomware attacks increase globally during the holiday season.
Darktrace observed that there is a 30 percent increase in the average number of ransomware attacks over the holiday period compared to the monthly average. The researchers also established a 70 percent average increase in attempted ransomware attacks in the months of November and December, compared to January and February.
It is no wonder, then, that governments across the world issue warnings at the end of the year, and urge businesses to stay vigilant.
As The Record reported, the German Federal Office for Information Security said in December 2021 that cybercriminals know companies are “less responsive” during the holiday season and therefore tend to strike at this time.
In the United States, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation (FBI) issued a similar warning in November 2021, advising all organizations, executives, and workers to proactively protect themselves from ransomware and other threats.
How Holidays Expose You to More Risk
It is not hard to see how the average person could fall for a phishing attack over the holidays, for example when they receive a “Merry Christmas” email or some sort of seasonal discount offer.
But when a worker falls for such a scam, the whole company is jeopardized, especially if they execute the malware and allow it to spread through the company systems. In the event of a ransomware attack, this would lead to data being encrypted and held for ransom, which could cause millions in damages.
Then there’s also the fact that everyone overindulges in food and drink over the holiday season. In 2021, Cybereason polled employees of companies that had been targets of ransomware attacks during the holidays. Shockingly, 70 percent of respondents in the survey admitted to being intoxicated while defending their company against ransomware.
And it is not just the lack of vigilance on workers’ parts that makes companies more vulnerable to cyberattacks over the festivities. The same study found that 36 percent of organizations had no contingency plan in place to respond to an attack, while a baffling 24 percent failed to implement one even after suffering a breach.
On top of all this, it is also important to note that IT and Security Operations teams are often short-staffed over Christmas and New Year’s, which makes organizations less prepared to handle cyberattacks if they occur.
In other words, a perfect storm of circumstances during this time of the year makes it much easier for malicious actors to strike and cause damage. The good news is, there are steps everyone can take to protect themselves this holiday season.
How to Protect Yourself This Holiday Season
It goes without saying that one should always keep best security practices in mind: never click on suspicious links, never download email attachments before checking the sender’s address and legitimacy, stay away from fishy websites, use complicated passwords (and change them frequently), and utilize multi-factor authentication mechanisms.
But there is only so much individuals and employees can do, given how capable and sophisticated cybercriminals have become, so every organization should plan ahead and have a solid contingency plan in place.
It is imperative to keep all systems up to date and scan them for vulnerabilities regularly, but especially before the Christmas and New Year’s peak in cybercrime. At a minimum, several IT security employees should be available and on call at all times, including during the holidays.
To further reduce the chances of a breach, companies should consider implementing a zero-trust security architecture, which limits privileges and requires all actors within a network to be authenticated in some way before being granted access to data. This security model doesn’t just help prevent cyberattacks; it also minimizes damage if one occurs.
Don’t Let Cybercriminals Ruin Your Holidays
Even if a company does everything by the book, a breach can still occur. Every business, regardless of its size, should have an incident response plan to help staff and IT professionals identify the breach early on and take steps to protect company systems.
For maximum safety, companies should invest in reliable backup solutions, and take a decentralized approach to data security in order to ensure strict access control and create an additional layer of protection. We may take the holidays off, but cybercriminals do not.