22 November 2024
Cyber attackers are targeting holidays and weekends to cause maximum disruption, yet many UK businesses remain underprepared outside of standard working hours.
With over half of UK organisations leaving security teams understaffed during these critical times, there is a greater risk of attacks that are designed to cause disruption to day-to-day life. This is according to new research conducted by Semperis.
The research found that 72% of UK organisations reported experiencing ransomware incidents during holidays and weekends when security teams aren’t working at full capacity. Similar trends were noted across other major countries, with 70% of US respondents and an astonishing 81% of respondents from France also reporting attacks.
The Ransomware Holiday Risks Report, which surveyed nearly 1,000 security professionals across various industries, highlights how businesses remain at considerable risk, especially when their SOC (Security Operations Centre) is under-resourced outside of business hours. Notably, the finance and manufacturing sectors are identified as highly susceptible, with 78% of global respondents from finance and 75% from manufacturing and utilities confirming ransomware incidents on holidays or weekends.
Despite the ongoing risk, 52% of UK businesses admitted their SOC is only partially staffed on bank holidays and weekends. One in 20 don’t staff their SOC at all during those times. And 42% of UK respondents who claimed to maintain a 24/7/365 SOC said it only operates at 25% capacity. With fewer eyes on network traffic and less attention paid to suspicious activity, hackers can slip in unnoticed, leaving organisations wide open to cyberattacks.
“Cyber threats don’t take a holiday. In fact, attackers are exploiting quieter times when they know they may be more successful – using periods of understaffed security operations to their advantage. Our research report is an urgent wake-up call that you can never take your eye off the ball; the threat to business, critical infrastructure and consumers is constant,” said Dan Lattimer, area vice president, Semperis.
Asked why their organisation scaled back IT and security staffing at weekends and during holidays, a third (34%) of UK respondents said they “did not think full staffing was necessary considering most employees work only during weekdays.” The same number said they “did not think our business would be targeted by hackers” and a third felt it wasn’t necessary because “their business has never been targeted in the past.” Other top reasons given were “our business is open Monday-Friday only” (31%) and “work/life balance is important” (31%) – highlighting that security gaps could arise from a weak security culture.
Identity is now the core entry point for the vast majority of cyberattacks, and when attackers take down the identity system, usually Microsoft Active Directory, the entire business grinds to a halt. However, the Semperis research also found that a quarter of UK respondents don’t feel their organisation has the necessary expertise to adequately protect it against identity-related attacks. Over one in five (22%) UK businesses don’t have an identity recovery plan in place.
“It’s high time businesses realised that cyber threats are present around the clock. The stark reality is that they are much more vulnerable when their SOC isn’t fully staffed. In addition, securing business-critical infrastructure such as core identity systems should be at the top of every organisation’s priority list – not an afterthought. It is worrying to see that so many organisations don’t allocate enough time, budget and resources to protecting their most vulnerable assets,” said Simon Hodgkinson, strategic advisor, Semperis. “You really need to have someone on call all the time. Security teams could rotate responsibility with some employees taking weekdays off to ensure adequate staffing levels. In addition, organisations must have solid emergency procedures in place, with a tried and tested incident response plan that allows them to contain threats and restore operations quickly should an attack happen – regardless of whether the attacker strikes on a Sunday or a Tuesday.”