56% of cyber criminals cited Christmas as the best time for corporate hacking

Criminal hackers love the winter holidays. Obviously, they enjoy crisply crunching through silent snowdrifts and warming themselves in ancient inglenooks as they knock back mulled wine and roasted chestnuts while raucously singing carols – that goes without saying. But they also love the increased opportunities the holidays bring.

The festive period is frequently cited by cyber criminals as the best time of the year to engage in corporate hacking. Indeed, a 2009 survey of anonymous Defcon attendees found that 56% of cyber criminals thought the winter holidays the optimal time to hack corporate computers. Why?

Large numbers of employees using up their annual leave to spend time with their families means there are fewer people actually working – and those who are actually in the office have their minds on other things. They’re buying their Christmas shopping online (last Christmas one in five Brits did all their shopping online), they’re exchanging festive greetings and silly seasonal emails with their friends, they’re relaxed… they’re more susceptible. Their guard is down.

So, as the year moves inexorably towards its close and your employees start to turn their thoughts from meetings to mince pies, hackers are dusting off their black hats and getting down to work. How sure are you that your organisation can withstand the biggest onslaught it’ll see all year, which will fall at the most financially sensitive time of the year? How sure are you that your staff will be able to deal responsibly with the increase in phishing attacks and spam campaigns specific to the season? Are your cyber defences up to the job?

If you’re not entirely sure, don’t worry: although there are now fewer than 50 days till Christmas, you’ve still got time to protect your organisation from attack, but you need to get on with it. You need to pen test now, and you need to act on the findings of that pen test so that, as the year gets busier, you don’t suffer.

IT Governance’s Combined Infrastructure and Web Application Penetration Test – Level 1 will identify potential vulnerabilities in your infrastructure and web applications, and provide recommendations to improve your network security, enabling you to comply with client requests, meet the requirements of the international standard for information security management, ISO 27001, and ensure that your organisation is still operational when everyone comes back to work in the new year.

Better still, if you order this service in November, we’ll throw in an email phishing campaign to test your staff awareness absolutely free. See if your staff are susceptible to phishing attacks, and mitigate the vulnerabilities that phishing attacks will exploit. Click here for more information >>