Cybereason, an XDR company, published the findings of a global study of organizations that experienced a ransomware attack during a holiday or weekend. The study reveals an ongoing gap between the increased risk that organizations face from ransomware attacks that occur on holidays and weekends and their readiness to deal with them, as ransomware attacks during these times take longer to assess and resolve year over year.
Higher assessment and remediation times are caused by the fact that 44% of businesses reduce security staffing on holidays and weekends by up to 70% compared to weekday levels. Surprisingly, 20% of businesses reduced security staffing by 90% from weekday levels. Only 7% of businesses are at least 80% staffed on holidays and weekends.
The study, titled Organizations at Risk: Ransomware Attackers Don’t Take Holidays, of 1,203 cybersecurity professionals from eight countries, including the United Arab Emirates (UAE), discovered that holiday and weekend ransomware attacks result in higher revenue losses than weekday ransomware attacks. One-third of respondents said their organization lost more money as a result of a holiday/weekend ransomware attack, up from 13% in the 2021 survey. The percentage of respondents reporting higher revenue losses in the education and transportation industries increased to 43% and 48%, respectively.
“Ransomware actors tend to strike on holidays and weekends because they know companies’ human defenses often aren’t as robust at those times. It allows them to evade detection, do more damage, and steal more data as security teams scramble to mobilize a response. Cybereason found that risk assessment is slower, it takes companies longer to assemble the team to fight the initial attack, which leads to slower remediation and recovery times,” said Lior Div, Cybereason CEO and Co-founder.
When it comes to holiday and weekend ransomware attacks, businesses are concerned about more than just financial losses. Indeed, ransomware attacks disrupt the lives of security professionals who defend businesses, with 88% of respondents missing a holiday or weekend celebration as a result of a ransomware attack. These figures were higher in the financial services industry, where more than 90% of respondents reported missing out on family time.
“Disrupting cybersecurity professionals’ well-earned downtime and interfering with their personal lives takes a toll on their wellbeing, leads to burnout and causes some people to leave the field altogether. The overall success cyber criminals have attacking on holidays and weekends leads to them more aggressively targeting companies during these times as a way to further fuel their criminal empires,” added Div.
Ransomware is avoidable, and many companies provide endpoint detection and response technologies to combat the scourge. Implementing a security awareness program for employees and regularly updating and patching operating systems and other software are positive steps. Furthermore, organizations should implement clear isolation practices to prevent further ingress on the network or the spread of the ransomware to other devices. When possible, they should also consider locking down critical accounts. In order to spread ransomware across a network, attackers frequently escalate privileges to the admin domain-level and then deploy the ransomware.
