Please fill in the form below to subscribe to our blog

Be Ready for Cyberattacks During the Winter Holiday Season

December 15, 2022
presents and a round ball ornament are displayed as digital lights lrepresenting the interior of a computer

Businesses Need to Prepare Now for Possible Holiday & Weekend Cyberattacks


‘Tis the season of celebrations. For most of us, it is a long-awaited chance to take our foot off the gas, unwind with friends and family, and eat our favorite meals. The holiday season also witnesses a drastic spike in online spending. Adobe Digital Economy predicts an 11% year-on-year increase in online spending globally that will hit $910 billion this season. The same report also indicates that in the U.S. alone, online holiday sales in November and December are expected to reach a record $207 billion. However, holiday time isn’t always a relaxing time for IT professionals as cybercrime rates skyrocket and threat actors come calling. 


What worries security pros? The Kaseya Security Insights Report 2022 tells you. GET YOUR REPORT>>


Cybercriminals want to give companies an unwelcome gift


With a significant increase in online spending, cybercriminals see the holiday season as the perfect opportunity to launch attacks, and ransomware is their favorite gift to give any organization. A new holiday ransomware study from Cybereason, “Organizations at Risk 2022: Ransomware Attackers Don’t Take Holidays”, dives into ransomware impacts on companies and employees throughout the winter holidays with data included for major industries and geographic regions. The FBI also issued a warning in November, advising all organizations, executives and workers to proactively protect themselves from ransomware and fraud during the holiday season. 

Holiday Phishing & Fraud Highlights

Source: AARP


How good is your identity and access management? Use this checklist to see if it’s really getting the job done. GET IT>>


Ransomware threats take center stage 


When reviewing the top threats that companies SOCs handled through the holiday season three major cyberattacks stood out as the most problematic incidents for SOCs, although the prominence of those threats did vary by region. In about half of the countries surveyed, respondents said that ransomware is the most common holiday and weekend threat their SOC sees. It’s especially pernicious for U.S. companies, with more than half (66%) of IT pros in the U.S. indicating that is the threat their SOC handles the most during holiday periods. For organizations in the UK, their SOC is most likely to be looking at a supply chain attack (45%). Overall, an average of 49% of respondents indicated ransomware, 46% of respondents pointed to a supply chain attack and 31% said a targeted attack was the incident that their SOC was most likely to have to deal with during a weekend or holiday.    

The Top 3 Threats SOCs See on Holiday Weekends by Country 

   US   UK   Germany   France   UAE     Singapore     Italy     South Africa    
Ransomware    66%   45%   40%   41%   50%   45%   37%   44%  
Supply chain attack    47%   54%   30%   33%   48%   38%   51%   45%  
Targeted attack    34%   29%   25%   31%   27%   29%   33%   35%  

Source: Cybereason 


Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>


Many factors lead to an increase in cyberattacks during holidays 


As both individuals and companies have their guards down during the holiday season, cyberattacks surge to a great extent. The IT skill shortage also hampers organizations’ ability to thwart cyberattacks. The problem worsens around the winter holidays, giving threat actors the perfect opportunity to execute their devious plans. According to the Cybereason survey, most companies run at less than half staff (44%) during holidays and weekends. Many companies drop to less than 10% staffing during those periods, including companies in four major verticals: Finance (36%), Healthcare (26%), Manufacturing (17%) and IT and Telecom (15%).   

Another prominent reason for the cyberattack surge is holiday shopping. Businesses go all out with the most attractive deals and offer to beat their competition and improve their brand value. Often, consumers are so engrossed in finding the best deal that they fall into cybercriminals’ traps. Also, as the online presence increases due to shopping and using mobile devices to stay connected, cybercriminals have more opportunities to launch attacks during the holiday season. Plus, employees add unanticipated risk for businesses as they shop from work devices


See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>


Organizations have strained networks 


As most organizations are in overdrive during the holiday season, their networks are more strained due to increased traffic, and cybercriminals are aware of this vulnerability, and they won’t hesitate to take advantage of the opportunity it presents. Bad actors also know that many companies are unprepared to handle increased traffic on their networks, making it easier for them to penetrate the networks unnoticed and launch distributed denial of service (DDoS) and other cyberattacks. 

The chances of a successful attack also increase as companies can’t afford to hurt their brand image during the holiday season due to increased customer traction. In order to ensure undisrupted business operations, many companies may be inclined to accept perpetrators’ demands and pay up in the case of a ransomware attack. Due to holiday fervor, employees are more distracted, and in a rush to complete other tasks, it’s easy for them to abandon cyber hygiene or miss signs of cyberattacks. According to The Global Risks Report 2022 by the World Economic Forum, human errors lead to 95% of data breaches.  


Security and compliance training pays amazing dividends. Get tips to run an effective program with our how-to guide! GET GUIDE>>


Take smart precautions to mitigate holiday & weekend risk 


Making sure that a company has an incident response plan ready is essential for ensuring that a company can quickly respond to threats and mitigate damage from a successful attack. These resources can help IT professionals learn more about the holiday season cybersecurity risk and digital fraud threats that businesses face.  

One major mitigation that companies can enact is security awareness training including phishing simulations. Many major holiday threats like ransomware are often email-based. Organizations should step up training for their employees in advance of dangerous periods to prevent them from falling into cybercriminals’ traps.  


Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>


Put powerful cybersecurity solutions in place now


Take action now to avoid trouble (and regrets) later. These solutions work together to provide a robust defense against cyberattacks for any business without breaking the bank.


Security Awareness Training     


BullPhish ID is the perfect solution to use to make that happen!      

  • A huge library of security and compliance training videos with 4 new lessons added a month!     
  • Choose from plug-and-play or customizable phishing training campaign kits     
  • Automation makes training painless for everyone 

Dark Web Monitoring   


Dark Web ID is the answer.    

  • 24/7/365 monitoring using real-time, analyst-validated data     
  • Monitoring of business and personal credentials, including domains, IP addresses and email addresses     
  • Gain priceless peace of mind about dark web dangers 

Identity and Access Management (IAM)


Passly is the perfect multi-tool for IAM packing four essentials into one affordable package

  • Get two-factor authentication (2FA), single sign-on, secure password vaults with one solution
  • Simple, intuitive remote management
  • Roll it out in a snap with easy deployment and seamless integration with common business applications

Automated, AI-powered Antiphishing Email Security    


Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.     

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.       
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.      
  • 3 layers of powerful protection at half the cost of competing solutions      
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.  

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>