Why attacks rise sharply during the long holidays
Cybercriminals are increasingly timing major attacks to coincide with long public holidays, exploiting predictable operational slowdowns to breach systems, steal data and siphon funds when oversight and response capabilities are weakest.
A recent warning by the Sacco Societies Regulatory Authority (Sasra) has brought this vulnerability into sharp focus, raising broader questions about how organisations manage digital risk during predictable periods of disruption.
While the directive targeted saccos, experts say the weaknesses are systemic, affecting sectors that rely on continuous digital operations, including banking, telecommunications, healthcare, retail, logistics and government services.
At the core of the risk is a shift in organisational posture during holidays. Staffing levels drop significantly, leaving critical functions to skeleton teams and slowing detection and response to suspicious activity.
Syntura East Africa Regional Director Anthony Muiyuro says long holidays create a “perfect storm” of reduced vigilance and operational gaps.
“Long holidays typically lead to reduced staffing, slower response times and lower oversight,” he says. “Security and IT teams operate with minimal capacity, delaying incident detection and response, while employees are more prone to mistakes due to pre-holiday pressure and remote work arrangements.”
This combination of human and operational vulnerabilities increases exposure to phishing attacks, fraudulent transactions and system intrusions at a time when institutions are least prepared to respond.
Cyber Guard Africa chief executive Bright Gameli agrees, noting that attackers deliberately exploit reduced surveillance.
“During holidays, attackers know that most organisations have staff away from the office, making these periods convenient for launching coordinated attacks,” he says.
According to Sasra, cybercriminals are not only opportunistic but also strategic, often striking in the final hours before holidays when staff are rushing to clear workloads and attention to detail is diminished.
Mr Muiyuro says these moments of distraction create entry points that can be exploited before systems transition into low-monitoring states.
“Just before holidays, staff are rushing to complete tasks, making them more likely to overlook suspicious activity. Late at night during the break, monitoring is weaker, giving attackers more time to operate undetected,” he says.
The night-time window during holidays has emerged as particularly high-risk, allowing attackers to move laterally within networks, escalate privileges and exfiltrate data without triggering immediate alarms.
The threat is compounded by the fact that critical sectors cannot shut down during holidays. Essential services must remain accessible around the clock, creating a paradox where systems stay fully operational even as the human capacity to monitor them declines.
Healthcare facilities rely on uninterrupted digital systems for patient management, while telecommunications networks must handle increased traffic without compromising security.
Beyond internal gaps, analysts point to growing reliance on third-party systems as a major risk factor. Interconnected platforms such as mobile money systems, application programming interfaces (APIs), outsourced IT services and cloud infrastructure have expanded the digital attack surface.
This interconnectedness means a single weak link can compromise an entire ecosystem, particularly when coordination across providers slows during holidays.
“Attackers often exploit the weakest link. Reduced oversight and slower coordination across multiple providers make it harder to detect and contain breaches quickly,” says Muiyuro.
The risk is especially pronounced in Kenya’s financial sector, where digital channels such as mobile banking and online platforms are central to service delivery, increasing both convenience and exposure.
Dr Gameli adds that attackers also take advantage of seasonal behaviour, including the surge in promotions and online activity. “Hackers ride on holiday promotions to create fake offers and trick users into clicking malicious links,” he says.
These social engineering tactics target both consumers and employees, exploiting trust in familiar brands and the urgency of time-sensitive deals.
Despite increasingly sophisticated threats, experts argue that the primary vulnerability during holidays is not technological but operational, rooted in human behaviour, planning gaps and weak contingency measures.
“Cyberattacks spike during holidays because vigilance drops, response slows and systems remain active,” says Muiyuro. “For most organisations, the risk is less about technology and more about timing, human factors and operational gaps.”
Institutions are now being urged to adopt 24-hour security operations, supported by automated threat detection and rapid response teams that can function effectively even during low-staff periods. There is also growing emphasis on employee awareness, particularly in recognising phishing attempts and adhering to security protocols during high-risk periods.