51% of security alerts occur outside of business hours!

SCWorld.com reported that “A Sept. 16 report from Arctic Wolf details how threat actors have accelerated their tactics, exploiting identity and timing to bypass network defenses. The report’s primary finding: 51% of alerts issued occurred outside of business hours, with 15% of total alerts taking place on weekends. Arctic Wolf researchers also found that certain vertical sectors remain prime targets, with education, healthcare, and manufacturing topping the charts for attack volume largely because of outdated infrastructure, the high value of the data they store, and low tolerance for downtime.”  The September 18, 2025 report entitled “Over half of security alerts occur outside of business hours” (https://tinyurl.com/ebk2s6r9) included these comments:

“Today’s threat landscape is defined by round-the-clock attacks that target identity, exploit timing, and drive alert fatigue, leaving defenders to navigate increasingly complex tactics,” said Dan Schiappa, president, technology and services, Arctic Wolf. “Our report distills those insights into clear guidance organizations can use to strengthen defenses and prepare for what comes next.”

Gary Orenstein, CCO at Bitwarden, said Arctic Wolf’s report underscored that identity compromise has become the most reliable entry point for attackers. With over half of alerts occurring outside business hours, Orenstein said adversaries are timing intrusions to coincide with thinner defenses and escalating privileges through weak, stolen, or unmonitored credentials.

“If identity is the new security perimeter, it has also become the primary attack surface,” said Orenstein. “Attackers are compressing the response window, exploiting VPNs, firewalls, and privilege escalation pathways to encrypt unmonitored systems in under 90 minutes.”

Is anyone surprised?