Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Cybercrime Takes No Vacations

And Neither does Cyber Resilience

by Brian Bochner , VP, Marketing
Published

Threat actors are opportunistic. 

Research by Darktrace in 2021 observed that cybercrime increased by 30% over the holidays compared to a monthly average. This was represented within Resilience’s internal data in 2021; notices increased by 4x in the month of December and 2x in October and November compared to our monthly average. 

However, Resilience’s internal data shows that as of 2022, cybercrime has become less seasonal and more consistent month over month

While in the past we have recognized a spike in cybercriminal activity over the holidays, Resilience’s data shows that claims notices in 2022 and 2023 are more contingent on geopolitical forces and large-scale incidents than on the time of year. 

The most active months for cybercrime in 2022 within our portfolio were May, June, and December. The fallout of the Russian invasion of Ukraine in February 2022 led to a dip in late winter, followed by an increase in cyber activity in late Spring/early Summer. In line with traditional trends, December 2022 remained one of the most active months. However, instead of a 4x increase on the month-to-month average, December 2022 saw less than 2x more cyber attacks than the monthly average. 

Given that data indicates cybercrime has a less seasonal correlation, it is always important to maintain best security practices and vigilance when the workforce is out for vacation. To help organizations keep their networks safe while enjoying the holiday season, Resilience has compiled this list of traditionally seasonal cybersecurity challenges and corresponding strategies to avoid them. 

Unsecured Network Usage 

While employees travel and work remotely, the threat of being hacked through public Wi-Fi heightens. Locations such as hotels, airports, coffee shops, and other hubs with free, unsecured Wi-Fi are hot spots for threat actors to gain unsolicited access to accounts. Several tactics can be deployed through an unsecured Wi-Fi network, such as “evil twin” attacks, password cracking, man-in-the-middle attacks, packet sniffing attacks, security vulnerabilities/misconfigurations, and more. 

To prevent any and all of these incidents, avoid using unsecured Wi-Fi networks whenever possible. If you must use an unsecured network, be sure you have a VPN installed on your devices. VPNs encrypt your data so it can’t be seen or stolen. 

Phishing Scams

Holiday phishing attempts are designed to trigger quick reactions from employees. They may appear to come from a member of leadership asking for urgent action or pose as well-known IT companies with phony security issues. Threat actors can access applications or systems once their false link is used or login credentials are entered. 

The best way to avoid phishing scams is through extensive employee training and awareness when clicking links and opening emails. Human error accounts for 88% of data breaches. Some email security systems monitor and flag suspicious emails, but these systems are not bulletproof and still require attentiveness and training. Phishing scams create a false sense of urgency to provoke someone to act quickly and without much thought. Always take the time to verify the sender of an email before clicking on any link, especially if it seems unusual or urgent. 

Ransomware 

Ransomware incidents have a massive impact on an organization’s ability to deliver value at any point in the year. However, for some industries such as manufacturers, retail, hospitality, and travel, business interruption during the holidays can significantly impact their bottom line. This pressure to deliver value and regain operationality puts even more stress on the organization to pay a ransom. 

Experiencing a ransomware incident over the holidays with a reduced workforce can lead to slower detection, longer investigation and greater damage to the organization. A ransomware study from Cybereason found that attacks occurring on weekends and holidays led to higher costs and greater revenue losses than attacks that occurred on weekdays. 

Building resilience against threats such as ransomware requires collaboration across risk management, security, and financial leadership, strong incident response strategies, and close internal monitoring. Resilience’s solution has been proven to help make clients more resilient against financial losses through extortions. Just 15% of our client base impacted by a ransomware event chose to pay an extortion fee in the first half of 2023. 

Strained Network

Depending on the industry, many organizations experience an influx of web traffic during the holidays. This influx can place IT’s focus more on the site’s experience and less on vulnerabilities or misconfigurations that may arise. But the strain on the workforce is the driving factor behind these risks. Threat actors recognize that most of the regular staff is out on vacation during the holidays, creating the prime opportunity to initiate a cyber attack that goes unnoticed until the damage has been done. 

DDoS (distributed denial of service) attacks are incredibly popular around the holidays for this reason. Overwhelming a target’s networks or servers when the IT team is already overworked and understaffed is a prime time for threat actors to instigate a DDoS incident, especially if the organization relies on its website for sales and operations. Reduce the risk of a DDoS attack by taking measures to reduce your attack surface and remain vigilant for signs of abnormal web traffic. Consider bandwidth (or transit) capacity and server capacity to absorb and mitigate potential large-scale DDoS attacks. 

Reputational Damage 

Holiday scams can impact your organization’s reputation even if threat actors do not touch your network or systems. Should threat actors invoke your organization’s name to send phishing emails or advertise false sales, the initial reaction from clients can be to assume that your organization is at fault or experiencing a breach. Experiencing an incident can lead to a lack of trust and decreased sales for the season or beyond. 

Should your company be spoofed for a phishing scam, reduce potential reputational damage by being transparent and promptly addressing and reporting the incident. Notify law enforcement and customers of the scam and provide resources to any impacted individuals.  

While incident data shows that cyber attacks are becoming less seasonal, cybercrime doesn’t take vacations. Make sure that when your team takes a break, you plan for cyber resilience. 

The Resilience Solution is designed to help security, risk management and financial leadership manage their cyber risk through enhanced security visibility combined with dynamic insurance policies. Our capabilities allow us to quickly share data around evolving market trends and offer corresponding strategies to respond effectively. 

You might also like

Scattered Spider strikes again in recent UK retail attacks

In the past two weeks, the UK retail industry has faced an unprecedented wave of sophisticated cyberattacks, exposing critical vulnerabilities across the sector. The high-profile breaches at Marks & Spencer, Harrods, and others have sent shockwaves through the industry, with M&S alone suffering an estimated £3.8 million in lost online sales per day and seeing […]

See what a cyber attack could really cost your enterprise

Data breaches cost U.S. businesses an average of $9.36 million per breach in 2024, yet many enterprises still struggle to quantify their specific cyber risk exposure in financial terms. How do you translate complex technical vulnerabilities into language that your CFO, board members, and other stakeholders can understand and act upon? We’re excited to announce […]

A decision scientist’s perspective on AI

As the Senior Director of Cyber Resilience at Resilience, I bring a somewhat unconventional perspective to the table. Unlike many in our industry who come from traditional cybersecurity or insurance backgrounds, my expertise lies in decision science. Throughout my career, I’ve been fascinated by one central question: How can we help people make good decisions […]

What enterprises over $10 billion need to know about managing cyber risk

The role of the Chief Information Security Officer has undergone a profound transformation from a purely technical role to a strategic business one in recent years. For CISOs operating in organizations with over $10 billion in revenue—a segment that Resilience has recently expanded its cyber risk solutions to serve—the shift comes with unique pressures and […]

How to create an effective Incident Response Plan

Cyberattacks are no longer a distant threat—they are a certainty. Whether it’s a ransomware attack, data breach, or insider threat, organizations must be prepared to respond quickly and effectively. Without a solid plan in place, even a minor security incident can spiral into a major crisis, leading to financial losses, reputational damage, and regulatory penalties. […]

Understanding the ClickFix attack

Imagine a cyberattack so simple yet so deceptive that all it takes is three keystrokes to compromise your system. This is the reality of the ClickFix attack, a threat that Resilience threat researchers have observed in the wild since 2024 and that seems to be ramping up in recent weeks. ClickFix cleverly manipulates users into […]