Why Cyberattacks Rise Around Holidays and How to Mitigate Them

Thanksgiving and the winter holidays are fast approaching, bringing tides of joy, holiday spirit, and a few extra days away from work. Normally a time for R&R with family and friends, U.S. holidays are quickly becoming a target-rich environment for internationally sanctioned cyberattacks.

According to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), there is a pattern of increased “highly impactful” attacks occurring during and around holidays in the United States. The agencies suggest that cybercriminals strategically target American holidays to breach enterprise networks because they know offices are short-staffed and response times to cyber events are likely to be dramatically reduced. Further, because employees often travel during and around holidays, companies may need to call in third-party experts to handle a breach. The result is more valuable time for hackers to propagate a ransomware attack, for example, as the outside experts take stock of a new network.

A Pattern of Attack

On July 2nd, 2021, as people prepared for the first semi-normal holiday since the beginning of the pandemic, the Fourth of July, a Russian-based ransomware-as-a-service (RaaS) group was busy launching a cyberattack against third-party vendors of Kaseya, a U.S. software company based in Miami. The breach affected about 1,500 businesses and the attackers demanded a ransom of $70 million.

The Kaseya hack is part of an established pattern of large cyberattacks targeting organizations around holidays.

As noted by the FBI and CISA, there is a clear strategic design to the timing of certain cyberattacks—holidays are open season. That is why they strongly encourage increased thoroughness in evaluating your security posture leading up to holidays—especially holiday weekends—and not letting your guard down even if you feel confident in your defensives.

What steps can your organization take to mitigate holiday cyberattacks?

Preparing for Cyberattacks Around Holidays

The solution to the prevalence and severity of cyber threats does not and should not need to be maintaining a full staff and refusing employees time off during holidays.

To protect your business’s most valuable asset—your data—there are two extremely valuable preventative steps you can take to mitigate the likelihood of a holiday attack.

Conduct Penetration Testing

To stop a criminal, it is helpful to think like one. That is the notion behind penetration testing, which employs a third-party organization to perform an “ethical hack,” seeking to infiltrate your business and find flaws in your security that hackers might exploit before they do.

Pen tests provide valuable information about vulnerabilities in your security posture that you can patch and improve before they are exposed. At Sidechain Security, we recommend annual penetration testing–at a minimum–to remain vigilant against the most novel hacking tactics. Completing a pen test before the winter holiday season may be a strategic time to ensure your organization has a quiet November and December.

Go Threat Hunting

In the short term leading up to a holiday, the FBI and CISA recommend businesses conduct preventative threat hunting. Like penetration testing, threat hunting requires evaluating your network and application security posture before an attack occurs. However, whereas pen testing tells you how cybercriminals might infiltrate your infrastructure, threat hunting identifies bad actors that may already be present in your network.

Hackers, or threat actors, can be present or dwell in your infrastructure before they act to steal and expose your data. They may spend time evaluating and enumerating your networks, systems, and applications to find exploitable weaknesses for critical damage and data exfiltration.

Threat hunting takes advantage of this tendency by searching for signals of illicit activity to expose cybercriminals before they can act and can cause harm to your network, ruining your holiday.

Playing Offense to Beat Back Hackers

Sometimes the best defense really is a great offense. Protecting your data–the organizational crown jewels your business depends on–demands being proactive and playing offense against threat actors. Combining penetration testing with threat hunting is most likely to grant your business the best holiday wish of all, a few stress-free days off.

Prepare for Holiday Attacks with Sidechain Security

If having a cybersecurity partner with more than two decades of industry expertise conducting security reviews and building reliable cyber infrastructures sounds useful for protecting your business around the holidays, look no further than Sidechain Security.

At Sidechain, we specialize in providing analysis unique to the safeguarding of your business and its data. Whether your organization needs to conduct penetration testing to uncover vulnerabilities in its security posture, or you require industry-leading employee security training, Sidechain is here to help.

To get started protecting your business, sign up for our free security assessment today to gain valuable insight into the current state and effectiveness of your cyber defense.

Speak to an expert

Thank you for reaching out. One of our experts will be in touch with you.