Cybereason has published results from a global study that highlights an ongoing disconnect between the increased risk organizations face from ransomware attacks that occur on holidays and weekends and their readiness to handle them as, year-over-year, ransomware attacks during these times take longer to assess and resolve.
The higher assessment and remediation times stem from the fact that 44 percent of companies reduce security staffing on holidays and weekends by as much as 70 percent from weekday levels. 20 percent of companies cut security staffing by 90 percent from weekday levels. Conversely, only 7 percent of companies are at least 80 percent staffed on holidays and weekends.
Titled ‘Organizations at Risk: Ransomware Attackers Don’t Take Holidays’, the study of 1,203 cyber security professionals found that holiday and weekend ransomware attacks result in greater revenue losses than ransomware attacks on weekdays. One-third of respondents said their organization lost more money from a holiday/weekend ransomware attack, up from 13 percent of respondents in the 2021 study. In the education and transportation industries, the number of respondents reporting higher revenue losses jumped to 43 percent and 48 percent, respectively.
“Ransomware actors tend to strike on holidays and weekends because they know companies’ human defenses often aren’t as robust at those times. It allows them to evade detection, do more damage, and steal more data as security teams scramble to mobilize a response. Cybereason found that risk assessment is slower, it takes companies longer to assemble the team to fight the initial attack, which leads to slower remediation and recovery times,” said Lior Div, Cybereason CEO and Co-founder.
The research was conducted by Censuswide in September of 2022 with participants from the United States, United Kingdom, France, Germany, Italy, South Africa, United Arab Emirates and Singapore.