Semperis research has warned a Monday-to-Friday mentality means security teams are notoriously understaffed outside of business hours, making holidays and weekends prime time for cybercriminals.
Cyberattackers are targeting holidays and weekends to cause maximum disruption, yet many UK businesses remain underprepared outside of standard working hours.
With over half of UK organisations leaving security teams understaffed during these critical times, there is a greater risk of attacks that are designed to disrupt day-to-day life. This is according to new research conducted by Semperis, a pioneer in identity-driven cyber-resilience.
The research found that 72% of UK organisations reported experiencing ransomware incidents during holidays and weekends when security teams aren’t working at full capacity. Similar trends were noted across other major countries, with 70% of US respondents and an astonishing 81% of respondents from France also reporting attacks.
The study, which surveyed nearly 1,000 security professionals across various industries, highlights how businesses remain at considerable risk, especially when their SOC (Security Operations Centre) is under-resourced outside of business hours.
Notably, the finance and manufacturing sectors are identified as highly susceptible, with 78% of global respondents from finance and 75% from manufacturing and utilities confirming ransomware incidents on holidays or weekends.
‘Round the clock’ security teams operate at only 25% capacity
Despite the ongoing risk, over half (52%) of UK businesses admitted their SOC is only partially staffed on bank holidays and weekends. One-in-20 don’t staff their SOC at all during those times. Two-fifths (42%) of UK respondents who claimed to maintain a 24/7/365 SOC said it only operates at 25% capacity. With fewer eyes on the network traffic and less attention to suspicious activity, hackers can slip in unnoticed – leaving organisations wide open to cyberattacks.
The impact of this is clear in high-profile cyberattacks designed to hurt businesses and their customers as much as possible. In the US, the Colonial Pipeline ransomware attack hit on Mother’s Day and caused widespread fuel shortages, while in the UK, the 2023 attack on payroll provider Zellis unfolded over a weekend, affecting tens of thousands of British Airways, Boots and BBC staff. The recent Transport for London (TfL) hack, which highlighted the growing threat of cyberattacks on public infrastructure, started on a Sunday.
“Cyberthreats don’t take a holiday,” said Dan Lattimer, Area Vice President, Semperis. “In fact, attackers are exploiting quieter times when they know they may be more successful – using periods of understaffed security operations to their advantage. Our research report is an urgent wake-up call that you can never take your eye off the ball; the threat to business, critical infrastructure and consumers is constant.”
Work-life balance more important than cyberdefence
Asked why their organisation scaled back IT and security staffing at weekends and during holidays, a third (34%) of UK respondents said they ‘did not think full staffing was necessary considering most employees work only during weekdays’. The same number said they ‘did not think our business would be targeted by hackers’ and a third felt it wasn’t necessary because ‘their business has never been targeted in the past’.
Other top reasons given were ‘our business is open Monday-Friday only’ (31%) and ‘work/life balance is important’ (31%) – highlighting that security gaps could arise from a weak security culture.
The problem doesn’t stop there. Identity is now the core entry point for the vast majority of cyberattacks and when attackers take the identity system – usually Microsoft Active Directory – down, the entire business grinds to a halt. However, the Semperis research also found that a quarter (25%) of UK respondents don’t feel their organisation has the necessary expertise to adequately protect it against identity-related attacks. Over one-in-five (22%) UK businesses don’t have an identity recovery plan in place.
“It’s high time businesses realised that cyberthreats are present around the clock,” said Simon Hodgkinson, Strategic Advisor, Semperis. “The stark reality is that they are much more vulnerable when their SOC isn’t fully staffed. In addition, securing business-critical infrastructure such as core identity systems should be at the top of every organisation’s priority list – not an afterthought. It is worrying to see that so many organisations don’t allocate enough time, budget and resources to protecting their most vulnerable assets.
“You really need to have someone on call all the time. Security teams could rotate responsibility with some employees taking weekdays off to ensure adequate staffing levels,” Hodgkinson added. “In addition, organisations must have solid emergency procedures in place, with a tried and tested incident response plan that allows them to contain threats and restore operations quickly should an attack happen – regardless of whether the attacker strikes on a Sunday or a Tuesday.”