Ransomware risk rises during holidays, warns Semperis

Cybersecurity experts from Semperis have released new research highlighting the increased risk of ransomware attacks during holidays and weekends.

According to the 2024 Ransomware Holiday Risk Report by Semperis, 69% of organisations in Australia and New Zealand fall victim to ransomware attacks during these times when employee distraction is higher. Despite this elevated risk, 78% of companies admit to reducing their security staffing by up to 50% during non-business hours, increasing their vulnerability.

Malcolm Turnbull, former Prime Minister and Strategic Advisor at Semperis, stated: "Companies should not lower their guard against cyberattacks during holidays and weekends. Instead, they should bolster their defences against ransomware attacks during these times. The most effective protection against threats during the holidays is maintaining awareness and having a robust backup and recovery plan ready to deploy when needed."

This issue is further compounded by a significant cybersecurity skills shortage, with AustCyber estimating that an additional 5,000 cybersecurity workers will be needed annually to fill the gap by 2030. This shortage leaves Australian businesses particularly exposed, with high-profile attacks such as the incidents at St Vincents Private Hospital and the Victorian Supreme Court occurring in late December and early January, respectively.

The Semperis report also found that half of the respondents who were attacked had been targeted during significant corporate events such as mergers or acquisitions, with the IT/Telecom industry being the most affected sector, seeing 54% of such attacks.

Kemba Walden, President of Paladin Global Institute and former Acting U.S. National Cyber Director, commented on these findings: "Cyberattacks, including ransomware, often happen in the cracks—during mergers, acquisitions, layoffs, and in the seams of supplier-vendor relationships. To combat never-ending ransomware attacks, organisations should focus on building resilience into networks."

In many cases, cyber attackers compromise the identity systems within organisations, predominantly targeting Microsoft Active Directory (AD) or Entra ID. There is a growing recognition of this issue in the ANZ region, with 83% of organisations reporting that they have dedicated budgets for securing core identity systems like AD.

Mickey Bresman, CEO of Semperis, emphasised the importance of resilience: "Seeing how vulnerable AD is, corporate leaders should reevaluate risk from an operational resilience perspective to better understand the exposure of their IT infrastructure. Every corporate board should ask their CISO what their level of risk is and which systems, if taken out, would completely cripple their business. You will find that AD compromises take down entire networks, leaving most organisations scrambling to recover."

Despite 83% of surveyed organisations having an identity recovery plan in place, an equal percentage reported experiencing successful ransomware attacks within the past year, indicating a disconnect between preparedness and actual outcomes.