Summary Points
-
Ransomware Timing Exploited: Over 52% of ransomware attacks occur during weekends or holidays, targeting understaffed organizations during off-peak hours.
-
Staffing Challenges: Many companies significantly reduce SOC teams during holidays, with 78% of surveyed organizations operating at half capacity or less, increasing vulnerability to attacks.
-
Employee Burnout: As cybersecurity professionals face burnout, they miss critical holiday periods, leading to slower response times and greater financial impacts during ransomware incidents.
-
Mitigation Strategies Needed: Organizations should establish clear incident response plans and maintain essential security coverage even with limited staffing, potentially through AI automation and on-call rotations.
[gptAs a technology journalist, write a short news story divided in two subheadings, at 12th grade reading level about ‘The Ransomware Holiday Bind: Burnout or Be Vulnerable’in short sentences using transition words, in an informative and explanatory tone, from the perspective of an insightful Tech News Editor, ensure clarity, consistency, and accessibility. Use concise, factual language and avoid jargon that may confuse readers. Maintain a neutral yet engaging tone to provide balanced perspectives on practicality, possible widespread adoption, and contribution to the human journey. Avoid passive voice. The article should provide relatable insights based on the following information ‘
There’s never a good time to get hit by ransomware, but fallout can be even more devastating when attacks hit during off-hours, weekends or holidays. That’s the time when threat actors strike, knowing enterprises are understaffed.
Ransomware gangs are a steady, rising threat that reports show operate as legitimate businesses, complete with customer service and help desk personnel. That reflects in well-thought out attack steps, including timing which commonly correlates with organizations’ weekend and holiday downtime, an important tool against staffer burnout.
Fifty-two percent of ransomware attacks reported within the past 12 months occurred on a weekend or holiday, according to a recent Semperis report that analyzed responses from 10 countries and eight industry sectors. The attacks coincided with Security Operations Center (SOC) staffing challenges as employees took time off to avoid burnout. During that time, 78% of surveyed respondents said they cut SOC teams by 50% or more. Additionally, six percent confirmed they did “not staff their SOC at all outside of the regular workweek.”
Concerns are not new. Cybereason documented the ongoing problems in a 2022 report that found that “organizations remain unprepared to handle a ransomware attack on a holiday or weekend” resulting in longer response times and higher financial losses. Eighty eight percent of cybersecurity professionals polled reported they missed holiday and weekend celebrations due to a ransomware attack.
While Google hasn’t observed an increase in ransomware risks during the holidays, its investigations have revealed that it is “plausible that ransomware actors intentionally conduct operations during non-working periods”, explains Zach Riddle, principal analyst for Google’s Threat Intelligence Group.
More than 70% of encryption events in cases handled in 2024 occurred before 8 a.m. or after 6 p.m., “marking a significant operations preference,” Riddle says. And while it wasn’t as dramatic a trend, 30% of ransomware encryptions during that same period were started over the weekend.
‘It’s Already Too Late’
It’s unsurprising that attackers target enterprises at their most vulnerable, but two key factors play into this ransomware plight: burnout and skeleton crews.
Organizations already contend with a lack of security resources and staffing shortages daily, but holidays and weekends compound the issues, says Adam Strange, principal analyst for Omdia. “IT staffing is not cut necessarily, but it would be spread more thinly as those staff that are left attempt to cover for colleagues on leave,” he explains.
Many employees take vacation during the holidays, and those who are working may be distracted and feel overworked, explains Truman Kain, principal product researcher at Huntress. Distracted employees could unintentionally click on malicious links or fall for increasingly realistic phishing campaigns.
During the weekends, most organizations are understaffed, so attacks may go unnoticed until Monday morning. But by then it’s already too late, warns Kain.
“If your security team is a skeleton crew on weekends and holidays, you’re more likely to get hit with ransomware,” Kain says. “It’s not a matter of it, but when.”
Attackers are taking advantage of organizations that reduce staffing and encourage time off to avoid burnout, suspects Jonathan Reiter, lead instructor for offensive operations at SANS Institute.
Burnout is an ongoing concern security professionals face, particularly CISOs and SOC teams who are expected to work strenuous hours and address a myriad of issues. Most organizations keep minimal staff during the holidays to help extinguish burnout that could be creeping up for overworked employees, but ransomware gangs are noticing the absence and taking advantage, says Reiter.
Can Understaffed Enterprises Respond to Ransomware?
Designated employee downtime is crucial to avoid burnout, but it does leave security gaps. Implementing and maintaining well-documented plans – from IR and crisis management to business continuity – can offset the challenges.
“During holidays, when staff may rotate in and out, every team member needs to know where that documentation lives, what the escalation paths are, and who to call if additional support is needed,” Kerri Shafer-Page vice president of digital forensics and incident response at Arctic Wolf recommends.
Despite limited staffing, organizations with clear processes, strong documentation, and artificial intelligence helping automate the noisy work can respond quickly when attackers try to exploit off-hours gaps, adds Shafer-Page.
Reiter recommends one action item for enterprises: Implement network segregation to separate the more critical components from the network where users work. It also wouldn’t hurt to hold tabletop exercises a few times a year to test scenarios like a massive attack over Christmas break and see how an enterprise’s plans hold up to those threats, adds Reiter.
“You definitely do not need a full staff over the holidays, but you should have a dedicated team that can operate on an on-call rotation in case an emergency does happen,” Reiter tells Dark Reading. “Those teams that might have to get called in should get a nice, fat bonus for being pulled away from quality family time.”
Consider Year-Long Implications
It’s just as important to implement strong defenses to protect against ransomware daily, no matter if SOC teams are skeleton crews or fully staffed. Strange emphasizes organizations must always maintain a base level of security coverage, regardless of whether it’s a holiday, weekend, or after office hours.
Preventing or mitigating from an attack is not restricted to normal hours, as evidenced by the influx of attacks over the past year. If enterprises have security gaps because of staffing issues during non-working hours, then they may need to rethink their strategies. Ineffective security postures may require new technology like automation, sub-contracting, cost-effective outsourcing, or adjustment of leave policy over the holiday periods.
“Any additional resources on top of agreed minimum levels which can be brought to bear will of course help, but organizations exposing themselves due to too many security staff being away on leave needs to be avoided at all costs, or urgently rectified,” Strange advises.
‘. Do not end the article by saying In Conclusion or In Summary. Do not include names or provide a placeholder of authors or source. Make Sure the subheadings are in between html tags of
[/gpt3]
Continue Your Tech Journey
Stay informed on the revolutionary breakthroughs in Quantum Computing research.
Discover archived knowledge and digital history on the Internet Archive.
CyberRisk-V1
