Each year, summer acts like a “pause button” for many businesses and organisations. With reduced staffing, lighter protocols, and diminished oversight, it’s the season of well-earned holidays for most. But for cybercriminals, it’s quite the opposite. Summer is a strategic period, their high season. This general slowdown, combined with decentralised and often less secure working environments, creates an ideal window to infiltrate systems, bypass control processes, or take advantage of delayed responses.

When Hackers Strike

 

Cyberattacks carried out during the summer period don’t just prey on holidaymakers’ naivety, they also target weaknesses within organisations. In August 2022, the Los Angeles Unified School District, the second largest in the United States, fell victim to a ransomware attack over a holiday weekend. The timing was no coincidence: the IT system was operating in a reduced mode during the summer break, which allowed the attackers to infiltrate the network without being immediately detected (eSchool News).

In Spain, during summer 2023, public hospitals were targeted by opportunistic cyberattacks, particularly ransomware. These attacks disrupted certain critical services, taking advantage of a moment when many technical staff were absent or on holiday. The attack highlighted a lack of anticipation: few staff on site, relaxed protocols, and no response plan suited to a low-activity period.

And this this phenomenon is spreading around the world : in New Zealand, in January (southern hemisphere summer), several local administrations were targeted by “business email compromise” (BEC) attacks, in which hackers impersonate an executive to request bank transfers. In one documented case, a temporary employee approved a payment of several tens of thousands of dollars, believing he was following a legitimate instruction from an executive who was on holiday.

 

Less Vigilance, More Invisible Risks

 

What makes the summer period particularly risky is that it doesn’t hinge on a single technological flaw, but rather on a combination of small human and structural vulnerabilities: team rotations, poorly defined delegations, new or less-trained employees and contractors, and weakened supervision. All of these factors weaken the usual security chain.

Hackers know this. They adapt their attack calendars, as highlighted in a Thales report on seasonal threats: unauthorised access attempts to IT systems increase on average by 30% between July and August in the education, healthcare and local government sectors. This is sometimes referred to as “cyber seasonality”, a phenomenon still largely absent from corporate security policies

 

Anticipate rather than repair

 

Here are a few best practices to avoid leaving a gap while the offices empty out:

  • Update continuity protocols for low-activity periods: ensure strengthened operational coverage for critical functions (IT, finance, security).
  • Train temporary staff, replacements, and subcontractors: they are often the most exposed and the least prepared to recognise fraud attempts.
  • Activate alert and automatic monitoring systems: to detect unusual behaviour even without immediate human intervention.
  • Conduct access audits before summer: to check who has access to what, and deactivate inactive or non-essential accounts.

 

Cybersecurity doesn’t rely solely on software or firewalls: it also depends on human chains and well-oiled processes. And summer is precisely when those chains loosen. It’s this desynchronisation, more than large-scale spectacular attacks, that hackers exploit. Being proactive means integrating this reality into protection strategies. Because even when activity slows down… the threats don’t take a holiday.

Digital Public Infrastructures: Evolution or Revolution? | TRUSTECH
White Paper Central Bank Digital Currency: Challenges for Payment Sector | TRUSTECH