Hackers take the summer off before winter spike

With high-profile data breaches making the headlines, firms may fear they're next this summer as IT staff go on their holidays. But they needn't worry - the hackers are taking a break themselves, according to a survey from security vendor Tufin Technologies.

At the annual Defcon event in Las Vegas this month, a poll of 79 hackers found 89% will not be working overtime as IT professionals take off for the summer vacation.

Hackers appear to prefer winter, with 56% citing Christmas as the best time to engage in corporate hacking and 25% naming New Year's Eve.

Michael Hamelin, chief security architect, Tufin Technologies, says: "It's received knowledge in the security world that the Christmas and New Year season are popular with hackers targeting western countries. Hackers know this is when people relax and let their hair down, and many organizations run on a skeleton staff over the holiday period."

The survey also reveals IT staff should be on their guard during weekday evenings, with 52% of hackers stating that this is when they spend most of their time working. In comparison, just 32% hack during work hours and 15% on weekends.

The hackers also have a warning - it doesn't matter how many millions a company spends on its IT security systems, it's all a waste of time and money if the administrators fail to configure and watch over their firewalls.

A massive 86% of respondents say they could successfully hack into a network via the firewall, with a quarter claiming they could do so within minutes.

Most respondents (70%) don't feel that regulations introduced by governments to implement privacy, security and process controls have made any difference to their chances of hacking into a corporate network. Of the remaining 30%, 15% said compliance initiatives have made hacking more difficult and 15% believe they've made it easier.

"As the media constantly reminds us, while standards such as PCI-DSS provide a good baseline, organisations that assume achieving PCI compliance will solve their security woes are in for a rude awakening. With security and compliance budgets so deeply intertwined, it serves us as security professionals to make the two more synonymous. At the end of the day, the more accountable we are willing to be, the less we'll have to be," says Hamelin.
