
Businesses Commonly Attacked Outside of Working Hours

Organisations commonly scale back SOC staffing during holidays and weekends.


Around three-quarters of ransomware victims were targeted on a holiday or weekend, according to new research.

The 2024 Ransomware Holiday Risk Report from Semperis surveyed 900 IT and security leaders, and found 72 percent were attacked outside of working hours.

It also found that 85 percent of organisations that maintain a year-round, 24-hour SOC reduce staff levels on holidays and weekends by up to 50 percent, due to staffing challenges and difficulty justifying higher overtime costs when most employees are out of the office.

Scaling Back

Organisations that scaled back SOC staffing during holidays and weekends did so because:

  • They did not think it was necessary, considering most employees work only during weekdays or their business was open only Monday through Friday.

  • Their business had never been targeted by ransomware, or they did not believe that it would be targeted.

  • They were attempting to maintain a work-life balance for staff.

Speaking to SC UK, Simon Hodgkinson, strategic advisor at Semperis and former CISO at BP, said the holidays and weekends are “when people are most vulnerable.”

“About a third of the organisations said ‘we don't staff up our Security Operations Center fully at weekends and holidays because the business doesn't run at weekends and holidays’, but that for me is a mismatch between the executive team and the technology functions,” he said.

“If the executive teams recognise they're a digital business and they recognise to deliver a cup of tea in here, whether it's delivering a car, whether it's delivering fuel like Colonial Pipeline to gasoline to retail stations across the east coast, at the heart of that is the digital system.”

Hodgkinson said it is a matter of understanding that your adversaries don't sleep, and that there are no borders, boundaries, or time zones. “They're going to attack you at your most vulnerable moment and if you're understaffing things like your Security Operations Center during those periods, you're more likely to get hit.”


Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
