Why hackers love the holidays

www.axios.com

As offices go quiet between Christmas and New Year's, security teams brace for a busy stretch fending off hackers.

Why it matters: Malicious hackers are opportunistic — and what's better than targeting a company and its data when they know the defenders will be away?

  • "I'm not going to go and try and rob a bank when there's a security guard standing out front," Jacob Dorval, global head of advisory services at Sophos, told Axios. "I'm going to wait until that guard leaves for the day."

By the numbers: 52% of ransomware attacks in the last year happened on a weekend or holiday, according to a report from cybersecurity firm Semperis released in November.

  • 78% of organizations said in the same survey that they reduce security staff over the holidays.

Between the lines: Security teams know they need to be on guard while the rest of the company is away, and they often start preparing for this period months in advance, Carl Froggett, chief information officer at Deep Instinct, told Axios.

  • Froggett, formerly a top security executive at Citi, said he used to have his teams plan to complete all major security patches, IT upgrades and employee training before Thanksgiving.

The big picture: Hackers often use the holiday season, when there are fewer eyeballs on company networks, to pursue phishing, ransomware and data theft attacks.

  • "Those kinds of things are exactly why attackers like this particular period," Froggett said.

Flashback: Many of the most high-profile cyberattacks of this decade happened over the holidays.

  • The U.S. government uncovered the Russian-backed SolarWinds espionage campaign right before Christmas in 2020.
  • A critical vulnerability in the open-source Log4j logging tool was uncovered weeks before Christmas in 2021.
  • Just last year, the Treasury Department found that Chinese hackers had broken into its systems during the last week of December.

Zoom in: At Sophos, several of the cybersecurity company's teams will be online throughout the holidays to fend off any attacks their customers face.

  • Sophos also advises its clients to check their basic cybersecurity hygiene, including looking for unpatched devices and implementing multi-factor authentication, before the holiday season begins, Dorval said.
  • "Nine times out of 10, the attacker is going to compromise you through some type of low-hanging fruit," he added.

Yes, but: Advancing AI agents could help lighten the burnout that many security teams feel around this season, Froggett said. When human defenders log out, their AI companions will stay online.

  • "AI agents of any description are ultimately a multiplier, an amplifier of your human element," he said.

What to watch: Successful intrusions might not be found until weeks after the holidays end and employees are back at work.
