
Holiday Season Increases Attack Risks Through Reduced IT Teams and Longer Response Times

The Point: Holiday-related reductions in IT team capacity and longer response times make companies more vulnerable to identity attacks during summer months, particularly when compromised credentials and AI-powered phishing messages are deployed.

While employees take vacation during summer months, cybercriminals exploit reduced security staffing and delayed response times. Security provider Sophos warns of longer detection times and an expanded attack surface due to remote work.

During vacation periods, the security situation for many companies measurably deteriorates. Holiday cover arrangements in IT departments, reduced team size, and delayed responses to security incidents create an environment where attackers can remain undetected for longer. Attacks that begin outside regular business hours are particularly critical: if criminals manage to operate undetected for hours or days, they can spread through the network, steal additional credentials, and infiltrate further systems.

According to the Sophos Active Adversary Report 2026, 67 percent of security incidents investigated in 2025 resulted from identity attacks. In 42 percent of cases, compromised credentials were the cause. This attack method becomes particularly effective during vacation time because limited monitoring and response capability give criminals longer operational windows. Michael Veit, security expert at Sophos, summarizes this: “Cybercriminals don’t take a summer break. Companies, however, often operate with reduced staff during holidays. Response times extend, the attack surface grows through remote work, and warning signs are more easily overlooked.”

Hotels, travel agencies, and the hospitality industry are increasingly in focus during summer months. Sophos has observed campaigns since 2023 in which attackers first steal employee credentials through phishing and then use actual guest data (names, stay dates, prices) to contact travelers through supposedly legitimate channels. High transaction volumes and time pressure in bookings make such attacks particularly successful in this sector.

Artificial intelligence significantly accelerates these attack methods. AI-powered tools enable attackers to create linguistically polished, targeted phishing messages in multiple languages that can be adapted to different recipients, so classic warning signs like grammatical errors disappear. In addition to emails, attackers use SMS and phone calls with time-pressure tactics. According to Sophos, missing or improperly configured multi-factor authentication (MFA) was a factor in 59 percent of incidents investigated in 2025. The company recommends implementing MFA consistently on critical systems before peak travel season and reviewing security monitoring processes.


Source: www.it-daily.net · Published 22 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.
