Downtime for defenders means party time for attackers

Adversaries do not keep to a typical working schedule


As 2023 draws to a close, cybersecurity teams may be looking forward to a well-deserved break before preparing for the year ahead.

However, the unfortunate truth is that adversaries do not keep to a typical working schedule and may see this downtime as an opportunity to attack.

Indeed, according to recent research by Sophos, payloads are typically launched outside of business hours, with many threat groups favouring evenings and weekends to launch attacks, and some coordinating activities to coincide with public holidays.

In addition, attackers are spending less time in networks, and are exfiltrating data faster than ever. Cybersecurity teams must therefore be ready to close the window quickly, stopping adversaries in their tracks.

Teams can't afford to take their eye off the ball, but they are only human. Over holiday periods and downtime, attackers have a greater chance of infiltrating networks, and once they are in, chances are they will steal data. This is why managed detection and response is an essential part of your security arsenal and why round-the-clock monitoring is needed to ensure adversaries do not take advantage of gaps in visibility.

A live webinar next week will look at how adversaries time their activities, and why the holidays may leave organisations especially vulnerable. Based on Computing's research, it will also explore why continuous, proactive monitoring and early detection are essential for organisations of all sizes.

And finally, it will look to the year ahead and what organisations should be doing to prepare for future threats.

Come along and bring your questions. We promise it will be time well spent.

Webinar: Beyond the 9 to 5: How to protect yourself from 'after hours' cyber attacks, 6th December, 3pm. Register today.

 
