According to a survey conducted by Tufin Technologies at the Defcon hacker conference, 81% of hackers said they operated more vigorously when people were on their winter vacation, and 56% said that Christmas was the most appropriate period to hack corporate computers. Here are four reasons why:
- More people shopping, including in-store and online
The average American will spend $700 on holiday gifts this year, and national Christmas spending is expected to total more than $616.9 billion, according to the National Retail Federation (NRF). This is 4.1% up on last year and represents 19.2% of the retail industry’s annual sales of $3.2 trillion.
More shopping means a greater opportunity for bank card fraud. As the number of transactions increases, so does the opportunity to steal card data.
- Employees less vigilant about suspicious activity
With turkey, pumpkin pie, family and friends, presents, mulled cider, and the obligatory holiday sales to look forward to over the coming weeks, it’s no wonder that employees can get side-tracked while working. Many other employees take leave to focus on more pressing festive matters, the weather tends to worsen, and there is a general slowdown in working activity – if you don’t work on a store floor.
With fewer – and less vigilant – employees at work, there is a greater chance for hackers to attack corporate computers and get away with it.
- Retailers have revenue as their number one, two and three priorities
With sales expected to be up on last year, and Christmas recognized as the most important time of the year, it’s no wonder that retailers see dollar signs when they hear the first tinkle of a sleigh bell. The unfortunate fact is that cyber criminals know this too and play on it to their advantage.
Last November, Target was made aware of malicious activity on its systems. Following an initial evaluation by its security team, Target determined that ‘it did not warrant immediate follow-up’.
The hackers then worked at unprecedented speed for 19 days to gather millions of customers’ card data and personal information before they were finally stopped.
If senior management had focused on security as much as on profits, they might have had time to stop and reassess the malware on their systems, potentially saving 110 million customers’ credit and debit card details.
- Rise in number of emails sent means phishing emails are harder to spot
Retailers see the holiday season as a great excuse for sending out more email marketing material to ramp up sales. According to Responsys’ Retail Email Guide to the Holiday Season, 89% of top retailers increased the number of promotional emails sent in November and December by an average of 47% compared to January through October. But among the influx of additional emails from retailers, phishing emails are less easy to spot in your inbox.
According to the HSBC fraud team, there was a 60% spike in the number of phishing emails sent on Christmas Day. Cyber criminals use phishing emails that claim to be from trusted companies to gain your personal information and/or install malware on your PC. Moreover, cyber criminals are getting more advanced in the way they design these emails (using correct logos, fonts, better English), so it is becoming harder to tell the difference between a legitimate and a fake email.
Hackers are most active around Christmas when businesses have other priorities. Make sure you’re prepared for an attack by testing your systems before hackers use your business as their goldmine.
A penetration test is a relatively inexpensive, fast and efficient way of identifying weaknesses in the security of your networks and systems.
IT Governance provides fixed-price CREST-accredited testing services that can be deployed by any organization looking for better protection.
To help organizations prepare for increased cyber threats during the Christmas period, we have a festive offer: book our Combined Infrastructure and Web Application Penetration Test – Level 1 and we will carry out an email phishing campaign to test staff awareness free of charge.