Cybereason Research Finds Organizations Unprepared for Ransomware Attacks on Weekends and Holidays

In June of 2021, Cybereason published a global research report, titled Ransomware: The True Cost to Business, which revealed that the vast majority of organizations that have suffered a ransomware attack experienced significant impact to the business as a result. The consequences included loss of revenue, damage to the organization’s brand, unplanned workforce reductions, and disruption of business operations. 

Cybereason has just released follow-up research, titled Organizations at Risk: Ransomware Attackers Don’t Take Holidays, that focuses on the threat that ransomware attacks during the weekends and holidays poses to organizations as we move into the holiday season. The global survey includes responses from 1,200+ security professionals at organizations that have previously suffered a successful ransomware attack.

There have been over 200 ransomware attacks that have made headlines in 2021 so far—and those are just the ransomware attacks that have been acknowledged publicly. Tech giants Acer and Apple were each hit with $50 million ransom demands, and the Colonial and JBS attacks impacted critical infrastructure supply chains in the United States and disrupted the economy.

If a significant ransomware attack occurs over the upcoming holidays, it may have devastating consequences for organizations caught off guard. Cybereason conducted this research to provide insight into the disconnect between the perceived risk from weekend and holiday ransomware attacks and the actual risk to organizations. 

The new Cybereason report revealed that 36% believe the attack their organizations experienced was successful because there was no contingency plan in place and only a limited number of staff to respond. The study also found that 24% still do not have specific contingencies in place to assure a prompt response during weekend and holiday periods despite having already been the victim of a ransomware attack. 

The findings highlight a disconnect between the risk ransomware poses to organizations during these off-hour periods and their preparedness to respond moving into the holiday season.

The Impact to Organizations

The lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on victim organizations, with 60% of respondents saying they resulted in longer periods to assess the scope of an attack, 50% saying they required more time to mount an effective response, and 33% indicating they required a longer period to fully recover from the attack. 

One factor in the inability to mount a timely response was revealed by 35% who said it took longer to assemble the right team to mount a response. Delayed response times increased the financial impact to victim organizations, with 12% of respondents saying their organizations suffered more revenue losses as a direct result.

Some of the factors for the disconnect between the perceived threat to and actual risk posed by a weekend or holiday attack include 20% stating they believed their organization would never be the target of a ransomware attack, and 63% stating they believed the attackers were an advanced nation-state threat actor despite the majority of ransomware attacks being conducted by cybercriminal organizations.

The Technology Role

Another indicator of the disconnect between the perceived risk and preparedness includes the fact that although 90% said they are concerned about attacks during weekend and holiday periods, 49% said the ransomware attack against their organization was successful because they did not have the right security solutions in place. Just 67% of organizations had a NextGen Antivirus (NGAV) solution deployed at the time of the attack, 46% had a traditional signature-based antivirus (AV) in place, and only 36% had an Endpoint Detection and Response (EDR) solution in place.

To better prepare for weekend and holiday ransomware attacks, 68% said they are planning to add new technologies, 51% said they are implementing a contingency plan, and 41% said they are adding more staff during weekend and holiday periods.

The Human Element

On the human side of the equation, 86% of respondents indicated they have missed a holiday or weekend activity because of a ransomware attack, a situation that can factor into employee job satisfaction and potential burnout.

One surprising finding in the study included 70% of respondents confessing that they have been intoxicated while responding to a ransomware attack during a weekend or holiday, a risk factor that many organizations may not have accounted for in their incident response planning.

Retail and Transportation Sector Findings

As we enter the holiday season, the Retail and Transportation sectors present high-value targets for ransomware attackers given the potential for disruption and lost revenue that act as incentives for victims to pay higher ransom demands. Key findings for these include:

    • 90% in Retail and Transportation concerned about a ransomware attack during the upcoming holiday season
      • Highly concerned: Retail 50%; Transportation 48%
      • Somewhat concerned: Retail 40%; Transportation 24%
    • Nearly 25% in both Retail and Transportation Sectors do not have a cybersecurity plan for upcoming holiday or weekends
    • Nearly 70% in both Retail and Transportation said previous ransomware attack was successful because they did not have the right security solutions in place
    • Initiatives to improve preparedness after successful ransomware attack:
      • Adding new technologies: Retail 67%; Transportation 64%
      •  Implementing contingency plan: Retail 45%; Transportation 60%
      •   Increasing staff during off-hours: Retail 41%; Transportation 40%
    • 24% of organizations in Retail and Transportation still do not have a specific contingency plan in place to address the risk from weekend and holiday attacks despite suffering a ransomware attack previously
    • 73% of respondents in Retail and 80% in Transportation admitted to being intoxicated when responding to an attack during weekend and holiday periods

The full report can be obtained here: Organizations at Risk: Ransomware Attackers Don’t Take Holidays. Cybereason is dedicated to teaming with defenders to end ransomware attacks on the endpoint, across the enterprise, to everywhere the battle is taking place.  Join us for an informative webinar on December 1st at 1:00pm ET examining the details of the report and steps to better defend against ransomware attacks on weekends and holidays. 

Cybereason also announced availability of the Cybereason Predictive Ransomware Protection solution--an AI-powered, enterprise grade anti-ransomware solution designed to detect the most subtle of adversary behaviors at the earliest stages of an attack and automatically end the operation before any data exfiltration or encryption can occur.

Cybereason is dedicated to teaming with defenders to end ransomware attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about the Cybereason Predictive Ransomware Protection solution, browse our ransomware defense resources, or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.


Research Methodology

This research was conducted by Censuswide in September of 2021 and includes responses from cybersecurity professionals from around the world regarding their experience with ransomware attacks occurring on weekends and holidays. The study surveyed 1,206 participants working at organizations with 700 or more employees from across the United States, United Kingdom, France, Germany, Italy, Singapore, South Africa, Spain and the UAE. All study respondents have been victims of a ransomware attack during a holiday or weekend in the last 12 months.

Anthony M. Freed
About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

All Posts by Anthony M. Freed