Attackers target holidays and weekends to catch enterprises off guard
Cyberattackers are targeting holidays and weekends to cause maximum disruption, yet many businesses remain underprepared outside of standard working hours.
A new report from Semperis, based on a survey of almost 1,000 cybersecurity professionals, shows that 86 percent of surveyed organizations in the US, UK, France and Germany that were attacked were targeted during a holiday or weekend.
However, it also reveals that 85 percent of security operations centers reduce staffing by as much as 50 percent at these vulnerable periods.
"Cyber threats don't take a holiday. In fact, attackers are exploiting quieter times when they know they may be more successful -- using periods of understaffed security operations to their advantage. Our research report is an urgent wake-up call that you can never take your eye off the ball; the threat to business, critical infrastructure and consumers is constant," says Dan Lattimer, area vice president at Semperis.
In addition, 63 percent of attacked respondents were targeted during a major corporate event such as a merger, acquisition, or IPO. In finance, that number jumps to 76 percent, which is alarming, given the presence of stricter security mechanisms.
In nine-out-of-ten ransomware attacks, hackers compromise an organization's identity system, most often Microsoft Active Directory (AD) or Entra ID. Yet the study results show that 35 percent of organizations do not budget for the defense of AD or Entra ID. In addition, 61 percent of companies do not have dedicated AD or Entra ID backup systems in place.
In fact organizations tend to overestimate their identity defenses. 81 percent of respondents believe they have the necessary expertise to protect against identity-related attacks, yet 83 percent suffered a successful ransomware attack within the past 12 months.
"Seeing how vulnerable AD is, corporate leaders should reevaluate risk from an operational resilience perspective to better understand the exposure of their IT infrastructure," says Mickey Bresman, CEO of Semperis. "Every corporate board should ask their CISO what their level of risk is and which systems, if taken out, would completely cripple their business. You will find that AD compromises take down entire networks, leaving most organizations scrambling to recover."
The full report is available from the Semperis site.
Image Credit: claudiodivizia/depositphotos.com