News
Hackers roam businesses at weekends, says Semperis research
Research by identity-driven cyber resilience pioneer Semperis (https://www.semperis.com),
reveals the Monday to Friday mentality means security teams are notoriously understaffed
outside of business hours, making holidays and weekends prime time for cybercriminals, with
three quarters of UK businesses experiencing ransomware attacks.
With over half of UK organizations leaving security teams understaffed during these critical times, there is a greater risk of attacks that are designed to cause disruption to day-to-day life.
The research (https://www.semperis.com/ransomware-holiday-risk-report/) found that 72% of UK organizations report experiencing ransomware incidents during holidays and weekends when security teams aren’t working at full capacity. Similar trends were noted across other major countries, with 70% of US respondents and an astonishing 81% of respondents from France also reporting attacks.
Surveying nearly 1,000 security professionals across various industries, Semperis’ Ransomware Holiday Risks Report highlights how businesses remain at considerable risk, especially when their SOC (Security Operations Centre) is under-resourced outside of business hours. Notably, the finance and manufacturing sectors are identified as highly susceptible, with 78% of global respondents from finance and 75% from manufacturing and utilities confirming ransomware incidents on holidays or weekends.
Despite the ongoing risk, the research shows that security teams who claim to be operating ‘round the clock’ 24/7 365 are only operating at 25% capacity. Additionally, over half (52%) of UK businesses admit that their SOC is only partially staffed on bank holidays and weekends, with 1 in 20 saying they don’t staff their SOC at all during those times. With fewer eyes on the network traffic and less attention to suspicious activity, this means hackers can slip in unnoticed – leaving organizations wide open to cyberattacks.
The impact of this is clear in high-profile cyberattacks designed to hurt businesses and their customers as much as possible. In the US, the Colonial Pipeline ransomware attack caused widespread fuel shortages and hit on Mother’s Day, while in the UK, the 2023 attack on payroll provider Zellis unfolded over a weekend affecting tens of thousands of British Airways, Boots and BBC staff. The recent Transport for London hack, which highlighted the growing threat of cyberattacks on public infrastructure, started on a Sunday.
“Cyber threats don’t take a holiday. In fact, attackers are exploiting quieter times when they know they may be more successful – using periods of understaffed security operations to their advantage. Our research report is an urgent wake-up call that you can never take your eye off the ball; the threat to business, critical infrastructure and consumers is constant,” said Dan Lattimer, Area Vice President, Semperis.
It seems for many organizations creating work-life balance for their employees is more important than cyber defence, with the research finding amongst 31% of organizations that a top reason why SOC were not staffed during weekends and holidays was because the “business is open Monday-Friday only” and “work/life balance is important” (31%) highlighting that security gaps could arise from a weak security culture. As such 34%) of UK respondents say they “did not think full staffing was necessary considering most employees work only during weekdays”, with a further 34% saying that they “did not think our business would be targeted by hackers”. Additionally, a third felt it wasn’t necessary because “their business has never been targeted in the past”.
“It’s high time businesses realised that cyber threats are present around the clock. The stark reality is that they are much more vulnerable when their SOC isn’t fully staffed,” warns Simon Hodgkinson, Strategic Advisor, Semperis. “In addition, securing business-critical infrastructure such as core identity systems should be at the top of every organization’s priority list – not an afterthought. It is worrying to see that so many organizations don’t allocate enough time, budget and resources to protecting their most vulnerable assets.”
“You really need to have someone on call all the time. Security teams could rotate responsibility with some employees taking weekdays off to ensure adequate staffing levels. In addition, organizations must have solid emergency procedures in place, with a tried and tested incident response plan that allows them to contain threats and restore operations quickly should an attack happen – regardless of whether the attacker strikes on a Sunday or a Tuesday,” adds Hodgkinson.
Identity is now the core entry point for the vast majority of cyberattacks and when attackers take the identity system – usually Microsoft Active Directory – down, the entire business grinds to a halt. However, the Semperis research also found that a quarter (25%) of UK respondents don’t feel their organization has the necessary expertise to adequately protect it against identity-related attacks, whilst 22% admit to not having an identity recovery plan in place.