Summer is a time for vacation and a well-deserved break from the intensity of work. It’s also a great time to be targeted for a cyberattack.
While cybercriminal activity extends throughout the year, summer has a special quality for cyber attackers. Whether it’s because our guard is down more than usual, because the weather invites us to relax, various studies show that the summer is one of the peaks of the year in terms of criminal activity in all areas, and cybersecurity is no exception — with more aggressive and indiscriminate campaigns awaiting organizations across every industry.
Why do cyberattacks peak in summer?
First, remote work intensifies. The beach, the mountains. Too many attractions not to embrace teleworking.
“Many people connect from less controlled locations, such as second homes, hotels, or airports, using public or unsecured Wi-Fi networks, which are much more prone to attacks such as network spoofing or data interception,” says Guillermo Fernández, sales engineer for Southern Europe at WatchGuard Technologies. “Furthermore, those who are not used to working remotely on a regular basis may not be aware or have adequate knowledge of good digital practices. Added to this is the fact that, in many cases, to avoid taking their corporate laptop with them, some employees resort to personal devices with fewer security measures — outdated systems, without antivirus or encryption, for example — which further increases their exposure to risk.”
WatchGuard Technologies.
Another important point is that, during the summer, attackers know that many IT and cybersecurity teams are operating with more limited resources or with staff on vacation. “They take advantage of this to launch phishing campaigns and other targeted attacks, aware that attention and vigilance often decrease,” Fernández continues.
Finally, we must not forget the physical risk, as the mobility of devices also increases the likelihood of theft or loss, with the consequent danger of sensitive information falling into the wrong hands.
“Ultimately, summer isn’t just a time of rest; it’s also a time when companies must take extreme precautions and keep their cybersecurity policies active and adapted to the context,” he advises.
Increased cybersecurity risks
Cybersecurity risks tend to increase significantly in the summer, with attacks increasing by an average of 30% in the summer months of 2024 alone, notes Belén Ferreiro, cybersecurity account manager at Altia.
“This is no coincidence,” she explains via email. “Many companies are operating with fewer staff; IT and security teams have fewer resources; and there’s a tendency to put off important tasks like updates, access checks, and backups until after work. All of this leaves doors open for attackers to exploit.”
Altia
Then there’s all the activity typical of summer: online reservations, online shopping, and so on. “Cybercriminals know this and use it to their advantage, launching phishing campaigns that perfectly imitate emails from airlines, apartments, or payment platforms,” Ferreiro says.
“Ultimately, the risk is twofold: more attack attempts and fewer eyes on the lookout to detect them and react quickly. If, on top of that, there’s no clear protocol for who will act if something happens, or backups aren’t properly tested, an incident can become critical without anyone detecting it in time,” Ferreiro says.
That’s why she doesn’t want this message to fall on deaf ears: Cybersecurity isn’t going on vacation. “On the contrary, it’s just the right time to thoroughly review everything, strengthen controls, and remind staff that, even though we’re disconnecting, we can’t let our guard down,” she says.
Not all threats rise in summer
According Josep Albors, director of research and awareness at ESET Spain, not every threat becomes more prominent at this time of year.
“For example, if we review our telemetry data, we’ll see that detections of cyberthreats targeting the corporate sector decrease in the summer, which is normal due to less work activity during this period,” he says. “On the other hand, for some threats targeting individual users, we do see increases during the summer period, due to the increased use of devices for leisure purposes, which means that many users become careless and become an attractive target for cybercriminals.”
ESET.
Be that as it may, Jaime Balañá, technical director of NetApp for Latin America, advised organizations to be on the lookout for one threat in particular: ransomware.
“Ransomware remains the main threat, not only because of its destructive capacity, but also because of the speed with which it can compromise an entire infrastructure, as it has become faster, more targeted, and more silent,” he says. “Added to this is the rise of targeted phishing, driven by generative AI tools that make it very difficult to differentiate legitimate communication from malicious ones. We must also consider the internal risk, which increases when teams are overloaded or security protocols are unclear.”
NetApp.
Carlos Rubio, director of architecture and cybersecurity solutions at GFT, adds credential compromise to the list of more likely attacks in summer.
“Personal devices or public Wi-Fi networks are often used without adequate measures, facilitating credential theft or the interception of communications; and shadow IT and the use of noncorporate applications, due to less oversight and risky behaviors, increase, such as working from unapproved apps or sharing documents through insecure means.”
GFT.
As for using personal devices to access corporate information, Guillermo Fernández says, “These devices often have less protection against threats and, in some cases, even lack advanced security solutions.”
He adds: “In the summer, deception attempts increase because attackers know that people are more relaxed, disconnected, or even outside their usual routines, making it easier for them to fall for fraudulent emails, malicious messages, or compromised links.”
Never let your guard down
“There’s a false sense of pause in the summer, when in reality systems continue to operate, threats persist, and attackers are active. Many companies lower their level of surveillance just when they should be reinforcing it,” Rubio says, adding that the confidence effect of leaving operations on autopilot for a few weeks creates a window of opportunity that attackers are aware of and exploit. “You have to be aware of this to mitigate it.”
“The key is anticipation and preparation,” says Juan Francisco Cornago, director of cybersecurity at Babel, via email. He recommends “reviewing continuity plans, reinforcing monitoring with automated tools, protecting remote access with strong authentication, enforcing password changes, keeping response teams operational, and, above all, raising internal awareness of risks inherent to the summer period.”
And in his opinion, “a well-designed awareness campaign before the holidays can make a real difference.”
Ángel Serrano, solutions consulting manager at Palo Alto Networks, agrees with the advice to emphasize reviews at this time.
“First of all, it’s a good idea to review how, from where, and with what protection employees connect during the summer. Working from open Wi-Fi networks without a corporate VPN is a serious mistake, not always due to ignorance, but rather convenience,” he says. “Securing traffic, verifying the device, applying multi-factor authentication, and limiting access privileges are basic measures, but they’re often not applied with the same rigor outside the office. And when the perimeter disappears, the zero trust model becomes more important than ever.”
He adds: “To this we must add the physical protection of devices. Encryption by default, remote management, automatic locking, and clear policies regarding data use and storage outside the office are critical measures.”
Palo Alto Networks.
Finally, Serrano emphasizes heightening awareness. “Phishing drills, operational reminders, and training sessions all help. And if security teams are understaffed, AI-based automation can detect behavioral anomalies and contain threats without immediate human intervention,” he says.
More training neccessary
Babel’s Cornago believes that cybersecurity training remains one of the most exploited weaknesses by attackers. “Technology alone cannot prevent incidents if the human factor fails,” he emphasizes. “That’s why it’s so important to implement a cross-functional cybersecurity culture, where all employees — not just technicians — know how to act, what signs to look for, and what they shouldn’t do.”
Unfortunately, he adds, “we already know all this, and we keep failing.”
“The problem isn’t just knowledge, but our cognitive resilience, and that’s precisely where companies should focus their efforts. Let’s not keep making the same mistakes over and over again,” he says.
One mistake Cornago sees is a tendency in summer to let one’s guard down. “Paradoxically, just when we should be most protected, many organizations reduce their monitoring and response capabilities,” he says.
“Strengthening monitoring, maintaining prepared on-call shifts, and training employees in good digital practices are essential measures,” he says. “Cybersecurity isn’t seasonal or exclusive to the technical department: It’s a shared responsibility that must be maintained 365 days a year by 100% of the workforce and its supply chain.”
NetApp’s Balañá also advocates for improved training regimens. “Continuous programs are needed, tailored to the different profiles of the organization, that explain not only what to do, but also why and what happens if we don’t do it right,” he says.
GFT’s Rubio agrees.
“Summer, due to its unique nature, is an ideal time to reinforce this learning, as changes in routine and less supervision can test acquired security habits,” he says. “Engaging in practical, contextualized, and regular training can make a difference and significantly strengthen the organization’s cybersecurity culture.”