Hackers rest over summer, pounce during Christmas

The summer season could end up with fewer cyberattacks because companies are less likely to be targeted now than other vacation periods, a new survey shows.

According to the survey, produced by Israel-based security firm Tufin Technologies, most malicious online activity takes place during the Christmas and New Year's holidays.

The survey found that 81 percent of the hackers interviewed earlier this month at the Defcon hacker conference in Las Vegas were more active during the winter holidays, with 56 percent citing Christmas as the best time for corporate hacking -- a quarter of respondents specifically called New Year's Eve the best.

“In the United States, we do not all take vacations at the same time during the summer,” Michael Hamelin, Tufin's CSO, told SCMagazineUS.com Tuesday. “But at Christmas, many people are off. There are so few people at work. It tends to be the favorite time for hackers to increase their activity.” 

In addition, there is more commercial activity at Christmas. Criminals know that people are home buying on the internet and the time is ripe for attacks, he said.

The survey also revealed that cybercriminals follow the same work schedule of most people.

“We found that hackers do not hack on weekends," he said. "They hack during the week, during working hours."

In another area of concern, the survey found that Payment Card Industry Data Security Standard (PCI DSS) compliance is not necessarily a huge hacker deterrent. Some 70 percent said that PCI compliance makes no difference; 15 percent said that it actually made corporate hacking easier.

“Companies that focus on compliance may get to the mark for compliance, but in the process, they forget that it's security that they need to be focused on," Hamelin said. "It's people and processes that make the difference."