During the night before Christmas in 2023, cyber attackers struck the Ohio State Lottery, forcing the shutdown of various systems. Simultaneously, the Dark Web hosted a “Leaksmas” event, where cyber offenders shared pilfered data as a holiday gesture. The month of December 2023 witnessed the compromise of over 2 billion records and the disclosure of 1,351 security incidents, based on research by IT Governance — marking a surge of 332% and 187% compared to November.

In December, particularly in the United States, cyberattacks and data leaks peak, as businesses and employees shift into holiday mode between Thanksgiving and New Year’s. This period brings about either a spike in online traffic for some sectors, prioritizing business continuity, or a reduction in operations or workforce for others.

Adversaries capitalize on this scenario, viewing it as a window of opportunity to launch attacks. As highlighted by CISA, the holiday lull in December “serves as a prelude for malicious elements to exploit networks and initiate ransomware campaigns,” given the limited availability of network defenders and IT support within targeted organizations.

Dealing with cyber risks is challenging at the best of times, but how can companies safeguard their data and networks when distractions affect employees (leading to lapses in best cybersecurity practices) or when security personnel operate at reduced capacity? We had conversations with 18 cybersecurity experts from diverse sectors to understand how their organizations handle security concerns during the holiday season.

Staffing Reduction and Leave

Out of the 18 experts surveyed, only two completely suspended operations. Most organizations opt to decrease working staff or allow more flexible time off while maintaining standard cybersecurity protocols.

Christopher Callahan, Chief Information Security Officer at Weichert Companies, stated, “While we don’t cut back on staff hours during holidays, many employees take leave or lose accrued time off.” During such periods, Callahan mentioned outsourcing detection and response functions to a third party to ensure constant coverage.

Sheshananda Reddy Kandula, Senior Security Engineer at Adobe, remarked, “We maintain our staffing levels during holidays but maintain complete contact details of the entire team for swift coordination and response in case of incidents.”

Discussing the holiday staffing approach, Bryon Singh, Director of Security Operations at RailWorks Corporation, added, “We operate with reduced staff during holidays but ensure adequate coverage for continued support. Security operations demand meticulous attention to off-duty personnel to avoid lapses in protocols.”

While several respondents highlighted the necessity of maintaining cybersecurity standards even during periods of reduced staffing or temporary office closures, adjustments are often made through enhanced automation in threat monitoring, increased surveillance, and well-structured incident response strategies.


Alterations to Security Protocols

To adapt to reduced workforce or partial shutdowns, organizations typically implement temporary modifications to fundamental cybersecurity practices. Half of the organizations halt updates and patches, six adjust their incident response protocols and elevate alert mechanisms, and four restrict account access.

Kapinder Diwan, Director of Information Security at Tradeweb, chooses to freeze updates and patches to ensure operational stability amid reduced holiday workforce availability. Exceptions are made for critical or emergency updates. Muthukumar Devadoss, Diwan’s colleague, detailed an alternative operational plan enacted by the security team to replicate disaster recovery scenarios during holidays.

Stan Mierzwa, Director and Lecturer at the Center for Cybersecurity, Transformational Learning and External Affairs at Kean University, emphasized the importance of fostering sector-specific situational awareness. “Enhanced open-source intelligence gathering allows targeted strategizing during the holiday period,” Mierzwa recommended.

Some individuals use the holiday period to prepare for future cybersecurity initiatives. For instance, Geoffrey Adamson, Governance, Risk, and Compliance Manager at TD Bank, intends to use the holiday season to prepare for cybersecurity exams in 2025.

Lessons from Holiday-Period Incidents

Despite robust preventive measures, adversaries sometimes succeed during the holiday season.

Kayla Williams, Chief Information Security Officer at Devo, shared an experience: “In a previous role, a security incident related to a product occurred during the holidays, resulting in data exposure due to unavailable product team members. To prevent such scenarios, I enforced a policy limiting staff absence to 20% at a time, not just during holidays. This practice, implemented in subsequent roles, aims to enhance security coverage.”

Umair Mazhar, a cybersecurity professional, highlighted the vulnerability of holiday periods to cyber incidents, narrating an incident where his organization encountered a ransomware attack on Christmas. “The attack exploited an unpatched vulnerability in loosely monitored systems aiming to encrypt critical data. Swift actions from our offshore team aided in managing the attack surface effectively,” Mazhar stated.

Bryon Singh’s firm faced a holiday cyber intrusion: “We experienced an intrusion through a vulnerability in our firewall’s SSL VPN. Through rapid alerts and collaboration with our SOC, we swiftly contained and mitigated the incident.”

The recurring theme in these anecdotes is the importance of proactive planning, which either kept the impact minimal or turned the incident into a learning opportunity for future prevention strategies.


If you encounter cybersecurity challenges or incidents, connect with X-Force for assistance: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.