The 3 Most Prevalent Cyber Threats of the Holidays

Chaos and volume of holiday season sales make a perfect storm of threat opportunity. Companies need to prepare — and practice! — action plans, identify key stakeholders, and consider cyber insurance.

Alex Waintraub, DFIR Expert Evangelist, CYGNVS

December 8, 2023


As many of us deck the halls, some folks are dealing with the cybersecurity holiday season — that perilous time of year rife with breaches, attacks, and threats occurring with far greater frequency than at any other time of year. Salesforce forecasts 4% global and 1% US year-over-year online sales growth across November and December — reaching $1.19 trillion and $273 billion, respectively. The surge in cyber business is a welcome challenge to any organization, with many generating the highest volume of sales per month during those few months.

The chaos and volume of the holiday season don't only affect retail organizations. Partners, developers, manufacturers, supply chain, technology providers, communication providers, transportation, support systems, and more are involved in orchestrating a smooth, successful holiday shopping season. These organizations all rely on technology to create, sell, supply, transport, and collaborate. The impact of the season is broad and wide, with connections that span organizations.

For Threat Actors, That Translates to Opportunity

The increased threat activity isn't just due to the volume of business being transacted over technology. There is a perfect storm brewing during that season — a culmination of complexity, resource constraints, and vulnerabilities.

Three threats are most prevalent during the holiday season:

  • Increased traffic upsets the balance. As business picks up, networks are strained, and employees are busier than usual. Slower networks can leave a company more vulnerable to denial of service (DoS) attacks, and resource-constrained employees may not be able to respond to threats as quickly as they can in other seasons. Attempted ransomware attacks, for example, are predicted to increase 70% in the months of November and December, as compared to January and February, with threat actors often assuming resource-constrained businesses will simply pay the ransom.

  • The deals are often too good to be true. Phishing attacks also increase as consumers shopping on their employers' networks are more apt to click a link while looking for a better deal, to stay within their holiday budget. According to experts, there is a 30% increase in the average number of ransomware attacks over the holiday period compared with the prior months.

  • The experts have left the building. Often, employees are out of the office on holiday between the months of November and January, offline, taking their expertise and acute understanding of specific systems with them. This increases the overall vulnerability of an organization.

Preparing a Defense

While the threat of a cyberattack is unavoidable, what you can control is how prepared you are for a threat, how quickly you can respond, and your ability to report on that crisis in a timely fashion to regulators, customers, and partners.

For businesses aiming to enhance their preparedness, I suggest taking a few crucial steps.

  1. Identify your team: Outline everyone’s roles and responsibilities — from internal stakeholders to external partners such as legal, insurance, and forensics. Having this clarity in a crisis facilitates a more efficient and rapid response.

  2. Have a plan: Focus on developing a plan with concrete tasks and next steps enabling your team to mobilize swiftly and efficiently.

  3. Practice your plan: Simply having a plan in place is insufficient. In my experience as an incident responder, I've encountered numerous situations where organizations had plans but never practiced them, resulting in their inability to efficiently recover their businesses. As my high school hockey coach often said, "Practice makes perfect," and that also goes for your incident response plans and almost everything else in life.

  4. Have a place to communicate securely and confidentially: I've witnessed threat actors compromising IR engagements due to an IT staff member inadvertently emailing the CEO's business email during a live ransomware incident — thus informing the threat actor that digital forensics and incident response, legal, and insurance were involved. We continue to see this happening in the industry. Establishing a secure out-of-band place to communicate and collaborate is integral in your response and recovery efforts.

The holidays may be the most wonderful time of the year, but they're also the most prevalent time for cyberattacks. With a few simple steps, however, you can make strides to ensure your business is prepared for whatever the next few months have in store.

About the Author(s)

Alex Waintraub

DFIR Expert Evangelist, CYGNVS

Alex Waintraub is a DFIR Expert Evangelist at CYGNVS, a first-of-its-kind, guided cyber crisis preparation and response platform. He has more than a decade of experience leading SOCs, incident response plans, threat intelligence operations and cyber threat hunting teams' response, containment, and remediation methods. Prior to joining CYGNVS, Alex served as VP of Incident Response for BNY Mellon, as well as led incident response and cyber operations at Barclays Investment Bank and BlueVoyant.
