Historically, the holiday season has seen a rise in phishing, ransomware, and supply chain attacks as threat actors take advantage of distracted employees, higher transaction volumes, and reduced staffing. Over the past year, with ransomware already running rampant, those risks are compounding even at the beginning of the year.
According to research from Microsoft, extortion and ransomware accounted for half of all cyber attacks during the first half of 2025. Attackers have been seeing opportunities all year, and the current conditions have also left openings that they may be quick to exploit, making this one of the highest-risk periods of the year for many organizations.
As businesses move into 2026, resilience depends on reinforcing core security fundamentals—things as simple as security awareness help employees recognize and report suspicious activity. Likewise, it’s never been more important to know who is lurking in your organization’s IT systems. And all of these best practices should be incorporated into an up-to-date incident response plan that ensures your organization can act quickly if an issue occurs.
High-risk periods are no longer limited to a single season. Whether driven by business growth, workforce changes, or operational strain, organizations that start the year with a strong security foundation are better positioned to protect trust, continuity, and long-term resilience.
Readiness Starts with Year-round Awareness
Start with fortifying your people. It’s been said that the security posture of any business is only as good as the people who work there, and, during the holidays, maintaining that posture becomes a little harder. Employees run into greater distractions and higher volumes of email, invoices, promotions, and customer requests. With attention and bandwidth stretched thin, instilling strong security awareness must be an ongoing priority.
Setting up annual training and calling it a day is no longer adequate. The best approach is to provide short, relevant reminders that reflect the types of threats employees will see most often during this period. Themes such as package deliveries, gift card promotions, bonus notifications, or updated payment requests are frequently used in seasonal phishing campaigns. Moreover, teams that work directly with customers or financial systems are especially vulnerable, so tailoring awareness to their specific workflows helps them recognize suspicious activity faster.
Even seemingly minor shifts in focus around policy can make a big impact. Make sure your organization outlines clear expectations and practices for verifying requests, handling sensitive information, and reporting anomalies.
Such a reporting culture, where employees can raise concerns without hesitation, allows issues to surface earlier, making them easier to contain while preventing missteps. And pairing that kind of environment with safeguards such as phishing-resistant authentication and email filtering creates multiple lines of defense when operational tempo is at its highest.
How Well Do You Know Who Has Access?
You also need to verify who exactly has access to your systems.
Over the course of the year, businesses evolve, roles change, employees come and go, and priorities shift. Through all of it, various stakeholders accumulate access to all kinds of information over time. Allowing access to sensitive systems can introduce massive risk, particularly if outdated or unnecessary accounts remain active.
Getting a handle on access controls should start with a focused review that identifies stale accounts, shared passwords, or broad permissions that no longer reflect job responsibilities. Tightening access ahead of peak operational periods minimizes the paths attackers can use if they obtain credentials.
That’s true for everyone, but organizations that rely on partners to function need to give particular priority to third-party access management and monitoring, especially during the holidays, when vendors and contractors are relied on to support holiday operations.
By maintaining a complete understanding of which partners have access while also actively strengthening these controls, organizations create a more stable environment that reduces both the likelihood and the impact of unauthorized access.
Implement a Robust Incident Response Plan
Still, what if something does happen?
During the holidays, when detection may be slower because peak business demand leaves teams less available, what seems like a simple misalignment can result in delays and possible catastrophe.
And while raising security awareness and managing access are critical steps, it’s also beneficial to run a test scenario. By simulating a phishing compromise or a system interruption during peak activity, you can reveal any remaining gaps in decision-making responsibilities or reporting steps that would cause delays during real crises. These exercises are not about perfection but about identifying weaknesses, strengthening coordination, and creating familiarity.
Rapid detection and escalation often determine how much an incident spreads, especially during busy periods, so it’s critical that your employees know how to escalate unusual activity quickly, regardless of schedule or location.
Strengthen Cyber Maturity for What Comes Next
The key to navigating high-pressure operational periods is preparation and building a foundation of best practices that the entire organization can follow. With attackers continuously adapting, emphasizing awareness, refining access controls, and preparing response teams for disruption creates an environment capable of withstanding uncertainty.
By approaching 2026 with a focus on readiness and validation, organizations can reduce cyber exposure while strengthening customer trust. That trust not only supports business resilience during future high-impact periods, but also sets the tone for a stronger and more secure year ahead.
Avani is Chief Executive Officer at Schellman, the largest niche cybersecurity assessment firm in the world that focuses on technology assessments. Avani is an accomplished executive with domestic and international experience in information security, operations, P&L, oversight, and marketing involving both start-up and growth organizations. She has been featured in Forbes, CIO.com, and the Wall Street Journal, and is a sought-after speaker as a voice on a variety of emerging topics, including security, privacy, information security, future technology trends, and the expansion of young women involved in technology.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.


