Email Security

    6 Reasons Social Engineering Is More Successful in Holiday Seasons

    Cybercriminals purposely target users during holiday vacations – here’s why

    by Brian Pinnock

    Key Points

    • While social engineering attacks are a potential hazard for organizations all year, they are especially successful during holiday seasons.
    • Cybercriminals seek to take advantage of key personnel being out on vacation and users being distracted by a number of factors during the holidays.
    • Mimecast has compiled six reasons social engineering attacks are more successful during the holidays, hoping to arm organizations with the insight needed to help stop these attacks. 

    Cyberattacks are continually on the rise, becoming more and more sophisticated as time goes on. Organizations attempt to combat these attacks with emerging technology such as AI-based security tools and security awareness training. And while these solutions can help thwart many attacks, users remain the most vulnerable link in the cybersecurity chain.

    Distracted Users Unknowingly Help Cybercriminals

    Cybercriminals rely on users being distracted, overworked, negligent, and complacent. Each day these threat actors set out to find weaknesses in security at companies of all sizes, all around the world. Sadly, they don’t usually have to go far – or wait too long – before human error results in a foothold inside a secure network.

    And at no time of the year is this vulnerability greater than during holiday seasons. Workers are distracted by upcoming time off from work, holiday event planning, travel, family relationships, financial concerns, and a host of other factors that are especially distracting during the holidays.

    In a rush to leave the office to begin the holidays, are emails that should never have been opened being opened? Are links that never should have been clicked being clicked? Are social engineering and other aggressive attack tactics being overlooked?

    Six Things to Look for During the Holidays

    Every year, holiday seasons prove to be a liability for organizations when it comes to security. A recent infographic from Mimecast takes a look at social engineering attacks, phishing attempts, and executive impersonations and offers six reasons why these cyberattacks are all more successful during holiday vacations:

    1. Cybercriminals know people are out of the office and can take advantage of workers being prone to skipping checks and balances when managers and approvers are away.
    2. Employees take their work devices with them on vacation, making them more vulnerable to being physically stolen during travel.
    3. Cybercriminals take advantage of security lapses in Wi-Fi hot spots when traveling employees connect their devices to unfamiliar and unsecure networks.
    4. IT professionals are on vacation, and while cybersecurity is everyone’s responsibility, the fact remains that critical system updates and cyber breach remediation can take much longer when IT staff are away. 
    5. Employees create the biggest holiday season threat, human error, in particular errors that can occur when workers are distracted or rushed, making it very easy for cybercriminals to quickly build the trust they need to then ask for sensitive information, or even worse, a fraudulent transaction.
    6. Employees share information about their vacations online, arming cybercriminals who might be tracking them with exactly what they need to know to exploit security weaknesses through pretexting and other social engineering attacks.

    The Bottom Line

    Social engineering is a growing issue in cybersecurity, but the tools to counteract this practice are on hand. Holistic email security policies, when paired with strong cybersecurity awareness training, can also help security teams stay on point and evolve their defenses to block the attackers’ latest tactics. See how Mimecast uses AI to thwart social engineering.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page