NEW study shows that ransomware groups prefer to strike companies outside business hours on holidays and weekends and during material events, when defenses are weakest and security staffing is reduced
HOBOKEN, NJ – November 20, 2024 – Semperis, a pioneer in identity-driven cyber resilience, today published results of a global ransomware study that shows striking gaps in ransomware defenses related to reduced security staffing during holidays and weekends. Attackers expect this behavior and carry out ransomware attacks during these periods, as well as during material corporate events, when employee distraction is high.
“Threat actors are calculated and persistent in their attack methods. Security awareness and functionality do not wax and wane. If anything, organizations should increase their security persistence on holidays and weekends, knowing that threat actors are not taking time off,” said Chris Inglis, Semperis Strategic Advisor and first U.S. National Cybersecurity Director. “You can never take a moment off in making your environment defensible, especially during the upcoming holiday season.”
The report, titled 2024 Ransomware Holiday Risk Report, found that 86% of surveyed organizations in the U.S., UK, France and Germany that were attacked were targeted on a holiday or weekend. Yet 85% of surveyed companies—90% in the U.S.—reduce security staffing by as much as 50% during those periods.
In addition, 63% of attacked respondents were targeted during a major corporate event such as a merger, acquisition, or IPO. In finance, that number jumped to 76%, which is alarming, given the presence of stricter security mechanisms such as Sarbanes-Oxley and Graham-Bliley.
In nine-out-of-ten ransomware attacks, hackers compromise an organization’s identity system, most often Microsoft Active Directory (AD) or Entra ID. Yet the study results show that 35% of organizations do not budget for the defense of AD or Entra ID. In addition, 61% of companies do not have dedicated AD or Entra ID backup systems in place.
“Seeing how vulnerable AD is, corporate leaders should reevaluate risk from an operational resilience perspective to better understand the exposure of their IT infrastructure,” said Mickey Bresman, CEO, Semperis. “Every corporate board should ask their CISO what their level of risk is and which systems, if taken out, would completely cripple their business. You will find that AD compromises take down entire networks, leaving most organizations scrambling to recover.”
Overall, organizations overestimate their identity defenses. Eighty-one percent of respondents believe they have the necessary expertise to protect against identity-related attacks, yet 83% suffered a successful ransomware attack within the past 12 months.
“Cyberattacks, including ransomware, often happen in the cracks—during mergers, acquisitions, layoffs, and in the seams of supplier-vendor relationships. To combat never-ending ransomware attacks, organizations should focus on building resilience into networks,” said Kemba Walden, Paladin Global Institute President, and former Acting U.S. National Cyber Director.
The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at https://www.semperis.com/ransomware-holiday-risk-report.
For more information about how Semperis helps global organizations improve cyber resilience, visit the Semperis Identity Resilience Platform page at https://www.semperis.com/identity-resilience-platform/.
About Semperis
For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis’ patented technology protects over 100 million identities from cyberattacks, data breaches and operational errors. The world’s leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress and quickly recover from ransomware and other data integrity emergencies. Semperis is headquartered in Hoboken, New Jersey, and operates internationally, with its research and development team distributed throughout the United States, Canada and Israel.
Semperis hosts the award-winning Hybrid Identity Protection conference and podcast series (www.hipconf.com) and built the community hybrid Active Directory cyber defender tools, Purple Knight (www.semperis.com/purple-knight/) and Forest Druid (www.semperis.com/forest-druid/). The company has received the highest level of industry accolades, recently named to Inc. Magazine’s list of best workplaces for 2024 and ranked the fastest-growing cybersecurity company in America by the Financial Times. Semperis is a Microsoft Enterprise Cloud Alliance and Co-Sell partner and is a member of the Microsoft Intelligent Security Association (MISA).
Learn more: https://www.semperis.com
Follow us: Blog / LinkedIn / X / Facebook / YouTube
Media Contact
Bill Keeler
Senior Director, PR & Comms
Semperis
billk@semperis.com
