There is growing concern about the growing threat of ransomware, especially during periods of high business distraction, such as holidays and weekends. Many organizations underestimate the risks and often have inadequate defenses at critical moments.

This is highlighted by Semperis in its report, “2024 Ransomware Holiday Risk Report”, where it also reveals that 86% of the organizations surveyed in the United States, United Kingdom, France and Germany that were attacked were attacked on a holiday or weekend. week. However, 85% of companies surveyed (90% in the United States) reduce their security staff by up to 50% during these periods.

“Seeing how vulnerable AD is, corporate leaders should reevaluate risk from an operational resilience perspective to better understand the exposure of their IT infrastructure,” says Mickey Bresman, CEO of Semperis. “Every company board should ask their CISO what their level of risk is and what systems, if removed, would completely cripple their business. They will find that AD compromises take down entire networks, leaving most organizations struggling to recover.”

Increased Surveillance During Vacations

During times of rest, such as holidays and weekends, it is essential that companies do not relax their security measures, but instead increase their vigilance. Cybercriminals are known to attack during times of reduced staff, taking advantage of distraction and lack of attention of organizations. This article highlights that implementing a robust system and data recovery plan can be critical in addressing cyber threats, such as ransomware. Ray Mills, director of Semperis, emphasizes that awareness and preparation are crucial to protect against these attacks.

Attack Patterns and Business Distractions

Ransomware attack patterns during critical periods reveal that many organizations lack adequate defenses against threats that occur when distractions are present. The study suggests that those responsible for attacks often exploit moments of less attention, such as during the weekend or on important occasions such as mergers or acquisitions. Evidence shows that Microsoft Active Directory is a prime target for attackers, highlighting the importance of Identity Threat Detection and Response (ITDR) systems for cyber resilience. This translates into the need to protect identity infrastructure within organizations.

Ransomware Risk Study Results

The article is based on two reports from the “Ransomware Risk Report”: the first evaluates the frequency and severity of these attacks globally, while the second focuses specifically on the risk of ransomware during moments of distraction. A study was carried out in conjunction with Censuswide that covered multiple industries in various countries and revealed an alarming picture: attacks are not only constant, but also costly for companies. This risk is especially amplified in organizations with fewer staff to handle threats during weekends and holidays.

Impact of Cyberattacks on Different Sectors

Statistics obtained from the study show that 75% of organizations affected by ransomware were attacked during weekends or holidays, with education and health sectors being particularly vulnerable (100% and 92% respectively). This indicates that companies should reevaluate their security protocols and consider maintaining a consistent staff in their Security Operations Centers (SOC) throughout the year. Lack of attention and resources during critical periods can result in disastrous consequences for data integrity and overall business operation.

Identity Protection as a Key Priority

The article also discusses the need for companies to understand the importance of protecting their identity systems. Attackers often evade endpoint-focused defenses and target identity systems, since once they gain access to these, they can compromise the organization’s entire infrastructure. The ability of companies to respond to an attack and recover functionality depends largely on their strength in identity protection.

Recommendations and Steps to Follow towards Resilience

To mitigate the risk of ransomware, various actions are suggested that companies can implement. This includes establishing robust ITDR systems and integrating identity security into all business strategies, especially during significant events such as mergers or acquisitions. It is critical that business leaders recognize the value of identity security to business resilience and move toward strengthening these measures across their organization.