Ransomware wreaks worse havoc on holidays, weekends

Ransomware attacks during holidays and weekends take longer to assess and resolve, showing an ongoing disconnect between the increased risk organisations face from ransomware attacks that occur during these times and their readiness to handle them.

A report from Cybereason finds that the higher assessment and remediation times stem from the fact that 44% of companies reduce security staffing on holidays and weekends by as much as 70% from weekday levels. 

One in every five (20%) companies cut security staffing by 90% from weekday levels. Conversely, only 7% of companies are at least 80 % staffed on holidays and weekends.

The research was conducted by Censuswide in September of 2022 and a total of 1,203 cybersecurity professionals took part in the survey.

Participants are based in the United States, United Kingdom, France, Germany, Italy, South Africa, United Arab Emirates and Singapore. 

Major industry verticals covered in the research include the Technology, Manufacturing, Financial Services, Retail, Healthcare, Automotive, Legal and Government sectors.

The study found that holiday and weekend ransomware attacks result in greater revenue losses than ransomware attacks on weekdays. 

One-third of respondents said their organisation lost more money from a holiday/weekend ransomware attack, up from 13% of respondents in the 2021 study. 

In the education and transportation industries, the number of respondents reporting higher revenue losses jumped to 43% and 48%, respectively.

Cybereason CEO and Co-founder Lior Div said ransomware actors tend to strike on holidays and weekends because they know companies’ human defenses often aren’t as robust at those times. 

“It allows them to evade detection, do more damage, and steal more data as security teams scramble to mobilise a response,” said Div. “Cybereason found that risk assessment is slower, it takes companies longer to assemble the team to fight the initial attack, which leads to slower remediation and recovery times.” 

Further, ransomware attacks disrupt the lives of the security professionals defending businesses with 88% of respondents missing a holiday or weekend celebration due to a ransomware attack. 

These numbers were higher in the financial services industry, where more than 90% of respondents said they had missed out on time with family.

Disrupting cybersecurity professionals’ well-earned downtime and interfering with their personal lives takes a toll on their wellbeing, leads to burnout and causes some people to leave the field altogether. 

Div said implementing a security awareness program for employees, assuring operating systems and other software are regularly updated and patched is a step in the right direction. 

In addition, firms need to ensure clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices.