Published by Security Testing & Assurance (STA) on 5 December 2025
With the festive season just around the corner, cyber threats are still lurking in the shadows, ready to strike when organisations are at their busiest or when teams are enjoying a well-deserved break.
The holiday period is often a prime target for opportunistic threat actors seeking to infiltrate systems and compromise sensitive data – and defenders cannot let their guard down.
CyberCX has released several publications this year, shedding light on the methods used by adversaries and the most critical vulnerabilities identified across 2,500 security tests.
The Threat Report outlined how organisations are most commonly breached, while the Hack Report highlighted key weaknesses on the network perimeter and within web applications. Together, these resources serve as valuable tools to help you prioritise security actions, strengthen defences, and maintain resilience – and they remain just as relevant during the holiday period as every other time of the year.
The Threat Report revealed the top attack types observed in the real-world incidents CyberCX responded to in 2024, including:
- Business Email Compromise (28%)
- Unauthorised access (25%)
- Cyber extortion (22%)
- Website compromise (9%)
The report delves into trends and the common tactics, techniques, and procedures (TTPs) used by adversaries, providing actionable insights to defend against their activities.
The Hack Report identified several common high-severity vulnerabilities in network perimeters based on CyberCX offensive security testing, including:
- Exposed services lacking access restrictions
- Broken authentication
- Excessive permissions
- Insecure remote access
Addressing these vulnerabilities will directly lower the risk of unauthorised access incidents and reduce initial access points for cyber extortion and email compromise.
Website compromises were also highlighted in the Threat Report as a top attack vector, with the following vulnerabilities emphasised in the Hack Report:
- Broken access controls
- Insecure file upload functionality
- Injection attacks
- Lack of effective multi-factor authentication
- The presence of outdated, unsupported, or end-of-life software
More broadly, the Hack Report found that three underlying issues were responsible for 90% of all identified vulnerabilities. By focusing on these root causes, organisations can address security risks strategically and efficiently:
- Application and Development Security
- Identity and Access Management
- Configuration and Patch Management
Aligning your security strategy to these focus areas enables you to better allocate resources and address the vulnerabilities most exploited by attackers.
What can I do to get ahead of these issues?
The lead-in to the holiday period and the return to work afterwards can be a good time to reflect on the “big picture” strategic questions about your cyber security posture, to help strengthen your defences and resilience for the year ahead:
1. How confident are we about the real-world resilience of our systems against cyber incidents?
Penetration testing, including external and web application testing, is a cost-effective and essential measure to help minimise your risk of compromise. We recommend doing these regularly, so if you haven’t done one in a while, now is the time to start thinking about it.
CyberCX’s security testing team can help optimise your testing program, identify potential blind spots, and provide clear insights into your organisation’s exposure to the most critical and high-impact threats.
2. If a cyber incident occurs, how confident are we in our ability to prevent, detect and alert on the activities of an attacker?
Red Teaming and Purple Teaming exercises simulate real-world cyberattacks on your organisation. CyberCX Red and Purple team scenarios are based on current threat actor tactics, techniques and procedures, are tailored to your sector and organisation, and draw on previous incidents or red team findings.
3. If the worst does occur, do we have the capability in place to immediately activate technical incident response and/or crisis communications?
The early stages of an incident are critical to containment and prevention of further damage by a threat actor. Failure to prepare for cyber adversity increases your organisation’s risk of extended downtime, data loss, compliance penalties and reputational harm.
A Cyber Security Incident Response Plan (CSIRP) is a critical tool that helps teams coordinate communication and activities, and understand their roles and functions before, during and after a cyber incident.
4. How ready are senior executives in our organisation to deal with this type of incident?
Cyber incidents often present unique challenges for leaders – they are adversarial, contested, dynamic and ambiguous – to sum it up in one word, it’s chaos.
An executive cyber security exercise is a scenario-based experience that brings together key stakeholders to walk through their roles in a fictional, but plausible, incident. The exercise is designed to surface assumptions, clarify responsibilities, and strengthen an organisation’s ability to respond in real time, while often working with incomplete information and uncertainty.
5. Is our cyber strategy aligned with our organisation’s unique threat model and threat landscape?
Cyber threat actors are adaptive, the geopolitical landscape changes quickly and technology is always evolving. CyberCX’s Intelligence can help your organisation understand the threats that matter most to your external environment, to help make better decisions about managing risks internally.
CyberCX is here to help ensure your business remains resilient against opportunistic cyber threats. If your organisation experiences a breach during the festive season, contact CyberCX for an immediate response.
