{"id":4206,"date":"2025-08-01T07:00:00","date_gmt":"2025-08-01T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4206"},"modified":"2025-08-01T07:00:00","modified_gmt":"2025-08-01T07:00:00","slug":"summer-why-cybersecurity-must-be-strengthened-as-vacations-abound","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4206","title":{"rendered":"Summer: Why cybersecurity must be strengthened as vacations abound"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Summer is a time for vacation and a well-deserved break from the intensity of work. It\u2019s also a great time to be targeted for a cyberattack.<\/p>\n

While cybercriminal activity extends throughout the year, summer has a special quality for cyber attackers. Whether it\u2019s because our guard is down more than usual, because the weather invites us to relax, various studies show that the summer is one of the peaks of the year in terms of criminal activity in all areas, and cybersecurity is no exception \u2014 with more aggressive and indiscriminate campaigns awaiting organizations across every industry.<\/p>\n

Why do cyberattacks peak in summer?<\/h2>\n

First, remote work intensifies. The beach, the mountains. Too many attractions not to embrace teleworking.<\/p>\n

\u201cMany people connect from less controlled locations, such as second homes, hotels, or airports, using public or unsecured Wi-Fi networks, which are much more prone to attacks such as network spoofing or data interception,\u201d says Guillermo Fern\u00e1ndez, sales engineer for Southern Europe at WatchGuard Technologies. \u201cFurthermore, those who are not used to working remotely on a regular basis may not be aware or have adequate knowledge of good digital practices. Added to this is the fact that, in many cases, to avoid taking their corporate laptop with them, some employees resort to personal devices with fewer security measures \u2014 outdated systems, without antivirus or encryption, for example \u2014 which further increases their exposure to risk.\u201d<\/p>\n

Guillermo Fernandez, Sales Engineer for Southern Europe at WatchGuard Technologies.\n

WatchGuard Technologies.<\/p>\n<\/div>\n

Another important point is that, during the summer, attackers know that many IT and cybersecurity teams are operating with more limited resources or with staff on vacation. \u201cThey take advantage of this to launch\u00a0phishing\u00a0campaigns and other targeted attacks, aware that attention and vigilance often decrease,\u201d Fern\u00e1ndez continues.<\/p>\n

Finally, we must not forget the physical risk, as the mobility of devices also increases the likelihood of theft or loss, with the consequent danger of sensitive information falling into the wrong hands.<\/p>\n

\u201cUltimately, summer isn\u2019t just a time of rest; it\u2019s also a time when companies must take extreme precautions and keep their cybersecurity policies active and adapted to the context,\u201d he advises.<\/p>\n

Increased cybersecurity risks<\/h2>\n

Cybersecurity risks tend to increase significantly in the summer, with attacks increasing by an average of 30% in the summer months of 2024 alone, notes\u00a0Bel\u00e9n Ferreiro, cybersecurity account manager at Altia.<\/p>\n

\u201cThis is no coincidence,\u201d she explains via email. \u201cMany companies are operating with fewer staff; IT and security teams have fewer resources; and there\u2019s a tendency to put off important tasks like updates, access checks, and backups until after work. All of this leaves doors open for attackers to exploit.\u201d<\/p>\n

Bel\u00e9n Ferreiro, Cybersecurity Account Manager at Altia.\n

Altia<\/p>\n<\/div>\n

Then there\u2019s all the activity typical of summer: online reservations,\u00a0online\u00a0shopping, and so on. \u201cCybercriminals know this and use it to their advantage, launching\u00a0phishing\u00a0campaigns that perfectly imitate emails from airlines, apartments, or payment platforms,\u201d Ferreiro says.<\/p>\n

\u201cUltimately, the risk is twofold: more attack attempts and fewer eyes on the lookout to detect them and react quickly. If, on top of that, there\u2019s no clear protocol for who will act if something happens, or backups aren\u2019t properly tested, an incident can become critical without anyone detecting it in time,\u201d Ferreiro says.<\/p>\n

That\u2019s why she doesn\u2019t want this message to fall on deaf ears: Cybersecurity isn\u2019t going on vacation. \u201cOn the contrary, it\u2019s just the right time to thoroughly review everything, strengthen controls, and remind staff that, even though we\u2019re disconnecting, we can\u2019t let our guard down,\u201d she says.<\/p>\n

Not all threats rise in summer<\/h2>\n

According Josep Albors, director of research and awareness at ESET Spain, not every threat becomes more prominent at this time of year.<\/p>\n

\u201cFor example, if we review our telemetry data, we\u2019ll see that detections of cyberthreats targeting the corporate sector decrease in the summer, which is normal due to less work activity during this period,\u201d he says. \u201cOn the other hand, for some threats targeting individual users, we do see increases during the summer period, due to the increased use of devices for leisure purposes, which means that many users become careless and become an attractive target for cybercriminals.\u201d<\/p>\n

Josep Albors, director of research and awareness at ESET Spain.\n

ESET.<\/p>\n<\/div>\n

Be that as it may, Jaime Bala\u00f1\u00e1, technical director of NetApp for Latin America, advised organizations to be on the lookout for one threat in particular:\u00a0ransomware.<\/p>\n

\u201cRansomware\u00a0remains the main threat, not only because of its destructive capacity, but also because of the speed with which it can compromise an entire infrastructure, as it has become faster, more targeted, and more silent,\u201d he says. \u201cAdded to this is the rise of targeted\u00a0phishing, driven by generative AI tools that make it very difficult to differentiate legitimate communication from malicious ones. We must also consider the internal risk, which increases when teams are overloaded or security protocols are unclear.\u201d<\/p>\n

Jaime Bala\u00f1\u00e1, NetApp technical director for Latin America.\n

NetApp.<\/p>\n<\/div>\n

Carlos Rubio, director of architecture and cybersecurity solutions at GFT, adds credential compromise to the list of more likely attacks in summer.<\/p>\n

\u201cPersonal devices or public Wi-Fi networks are often used without adequate measures, facilitating credential theft or the interception of communications; and\u00a0shadow\u00a0IT and the use of noncorporate applications, due to less oversight and risky behaviors, increase, such as working from\u00a0unapproved\u00a0apps or sharing documents through insecure means.\u201d<\/em><\/p>\n

Carlos Rubio, Director of Architecture and Cybersecurity Solutions at GFT.\n

GFT.<\/p>\n<\/div>\n

As for using personal devices to access corporate information, Guillermo Fern\u00e1ndez says, \u201cThese devices often have less protection against threats and, in some cases, even lack advanced security solutions.\u201d<\/p>\n

He adds: \u201cIn the summer, deception attempts increase because attackers know that people are more relaxed, disconnected, or even outside their usual routines, making it easier for them to fall for fraudulent emails, malicious messages, or compromised links.\u201d<\/p>\n

Never let your guard down<\/h2>\n

\u201cThere\u2019s a false sense of pause in the summer, when in reality systems continue to operate, threats persist, and attackers are active. Many companies lower their level of surveillance just when they should be reinforcing it,\u201d Rubio says, adding that the confidence effect of leaving operations on autopilot for a few weeks creates a window of opportunity that attackers are aware of and exploit. \u201cYou have to be aware of this to mitigate it.\u201d<\/p>\n

\u201cThe key is anticipation and preparation,\u201d says\u00a0Juan Francisco Cornago, director of cybersecurity at Babel, via email. He recommends \u201creviewing continuity plans, reinforcing monitoring with automated tools, protecting remote access with strong authentication, enforcing password changes, keeping response teams operational, and, above all, raising internal awareness of risks inherent to the summer period.\u201d<\/p>\n

And in his opinion, \u201ca well-designed awareness campaign before the holidays can make a real difference.\u201d<\/p>\n

\u00c1ngel Serrano, solutions consulting manager at Palo Alto Networks, agrees with the advice to emphasize reviews at this time.<\/p>\n

\u201cFirst of all, it\u2019s a good idea to review how, from where, and with what protection employees connect during the summer. Working from open Wi-Fi networks without a corporate VPN is a serious mistake, not always due to ignorance, but rather convenience,\u201d he says. \u201cSecuring traffic, verifying the device, applying multi-factor authentication, and limiting access privileges are basic measures, but they\u2019re often not applied with the same rigor outside the office. And when the perimeter disappears, the\u00a0zero trust\u00a0model becomes more important than ever.\u201d<\/p>\n

He adds: \u201cTo this we must add the physical protection of devices. Encryption by default, remote management, automatic locking, and clear policies regarding data use and storage outside the office are critical measures.\u201d<\/p>\n

\u00c1ngel Serrano, Solutions Consulting Manager at Palo Alto Networks.\n

Palo Alto Networks.<\/p>\n<\/div>\n

Finally, Serrano emphasizes heightening awareness.\u00a0\u201cPhishing\u00a0drills, operational reminders, and training sessions all help. And if security teams are understaffed, AI-based automation can detect behavioral anomalies and contain threats without immediate human intervention,\u201d he says.<\/p>\n

More training neccessary<\/h2>\n

Babel\u2019s Cornago believes that cybersecurity training<\/a> remains one of the most exploited weaknesses by attackers. \u201cTechnology alone cannot prevent incidents if the human factor fails,\u201d he emphasizes. \u201cThat\u2019s why it\u2019s so important to implement a cross-functional cybersecurity culture, where all employees \u2014 not just technicians \u2014 know how to act, what signs to look for, and what they shouldn\u2019t do.\u201d<\/p>\n

Unfortunately, he adds, \u201cwe already know all this, and we keep failing.\u201d<\/p>\n

\u201cThe problem isn\u2019t just knowledge, but our cognitive resilience, and that\u2019s precisely where companies should focus their efforts. Let\u2019s not keep making the same mistakes over and over again,\u201d he says.<\/p>\n

One mistake Cornago sees is a tendency in summer to let one\u2019s guard down. \u201cParadoxically, just when we should be most protected, many organizations reduce their monitoring and response capabilities,\u201d he says.<\/p>\n

\u201cStrengthening monitoring, maintaining prepared on-call shifts, and training employees in good digital practices are essential measures,\u201d he says. \u201cCybersecurity isn\u2019t seasonal or exclusive to the technical department: It\u2019s a shared responsibility that must be maintained 365 days a year by 100% of the workforce and its supply chain.\u201d<\/p>\n

NetApp\u2019s Bala\u00f1\u00e1 also advocates for improved training regimens. \u201cContinuous programs are needed, tailored to the different profiles of the organization, that explain not only what to do, but also why and what happens if we don\u2019t do it right,\u201d he says.<\/p>\n

GFT\u2019s Rubio agrees.<\/p>\n

\u201cSummer, due to its unique nature, is an ideal time to reinforce this learning, as changes in routine and less supervision can test acquired security habits,\u201d he says. \u201cEngaging in practical, contextualized, and regular training can make a difference and significantly strengthen the organization\u2019s cybersecurity culture.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Summer is a time for vacation and a well-deserved break from the intensity of work. It\u2019s also a great time to be targeted for a cyberattack. While cybercriminal activity extends throughout the year, summer has a special quality for cyber attackers. Whether it\u2019s because our guard is down more than usual, because the weather invites […]<\/p>\n","protected":false},"author":0,"featured_media":4207,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4206","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4206"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4206"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4206\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4207"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}