Ransomware doesn’t take holidays

SMART Cybersecurity Handbook 2022 Information Security

The report, titled Organizations at risk: Ransomware attackers don’t take holidays, highlights the disconnect between perceived threat and preparedness that results in longer incident response and recovery cycles.


Lior Div.

The study found that most security professionals expressed high concern about imminent ransomware attacks, yet nearly half felt they do not have the right tools in place to manage it. In addition, nearly a quarter (24%) still do not have specific contingencies in place to assure a prompt response during weekend and holiday periods despite having already been the victim of a ransomware attack.

Similarly, in South Africa, the study found that 20% of companies have no security plans for holidays or weekends. The findings highlight a disconnect between the risk ransomware poses to organisations during these off-hour periods and their preparedness to respond moving into the holiday season.

Organisational impact

The lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on victim organisations, with 60% of respondents saying it resulted in longer periods to assess the scope of an attack, 50% reporting they required more time to mount an effective response, 33% indicating they required a longer period to fully recover from the attack.

In South Africa, 38% said it would take longer to stop if the attack took place on a weekend or holiday. More concerning is that 84% of respondents said they were intoxicated on the job responding to an attack on a holiday or weekend.

This research validates the assumption that it takes longer to assess, mitigate, remediate and recover from a ransomware attack over a holiday or weekend.

Technology issues

Another indicator of the disconnect between the perceived risk and preparedness includes the fact that although 89% said they are concerned about attacks during weekend and holiday periods, 49% said the ransomware attack against their organisation was successful because they did not have the right security solutions in place.

Just 67% of organisations had a NextGen Antivirus (NGAV) solution deployed at the time of the attack, 46% had a traditional signature-based antivirus (AV) in place and only 36% had an endpoint detection and response (EDR) solution in place.

On the human side of the equation, 86% of respondents indicated they have missed a holiday or weekend activity because of a ransomware attack, a situation that can factor into employee job satisfaction and potential burnout.

“Ransomware attackers don’t take time off for holidays. The most disruptive ransomware attacks in 2021 have occurred over weekends and during major holidays when attackers know they have the advantage over targeted organisations,” said CEO and co-founder of Cybereason, Lior Div. “This research proves out the fact that organisations are not adequately prepared and need to take additional steps to assure they have the right people, processes and technologies in place so they can effectively respond to ransomware attacks and protect their critical assets.”

The full report can be obtained from www.securitysa.com/*ransom1 (redirects to https://www.cybereason.com/ebook-ransomware-attackers-dont-take-holidays).


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.