Updated: March 27, 2020 by Agnes Talalaev
Infographic with data below.
There is a worst possible time to suffer an attack or data breach and it’s Christmas.
Not only because it’s a time spent with family and friends, vacationing and drinking hot chocolate in front of a fireplace. There’s also usually a lot of time away from work and your computer.
So what better time for a hacker to compromise your website than at Christmas?
For an e-commerce site, Christmas is usually the highest-selling time of the year and a hack is going to severely affect the sales. As a result, if you are not protected, there’s a high chance of instantly losing all your Christmas sales.
For office workers, Christmas is a time when offices will go half-empty and employees are using up their remaining annual leave days. Those who are left will think more about what magical gifts to buy for their loved ones or where they are gonna find the ugliest sweater.
This is the time when a hacking attempt can catch a company totally off-guard and can bring a lot of trouble.
The good news is that you can give yourself peace of mind when leaving work to spend a cozy festive time with your family. Eliminating the risks beforehand can make your time away 10 times more calm and happy.
That question is best answered by hackers themselves. A survey of participants at the Defcon conference found the following.
About 81% of the hackers said that most often their hacks happen during the winter holidays. (Source)
6% of the hackers say that Christmas is the best time to tackle a corporate network, while 25% think New Year’s Eve is best. (Source)
One could speculate that, because hackers are more active during the winter season and winter holidays, there are more active hackers in the northern hemisphere than in the southern hemisphere.
No one likes staying outside for a long time when it’s really cold, right?
In addition to hackers being more active, shoppers are as well. It all starts with Black Friday and Cyber Monday sales, where the early birds try to get the presents with really good prices.
This puts hackers to work as well, inventing all kinds of campaigns and ways to scam the unsuspecting.
In several surveys, people in the U.K., France, Germany, Spain, Australia, India, and Singapore said that they had fallen victim to fake charity scams in 2019.
Many people are exceptionally giving during the holidays and make donations. Cybercriminals know that as well: they pose as a charity online and collect financial data and money from unsuspecting users.
It’s not only charity; it’s also online shopping overall.
For example, in 2016 ThreatMetrix predicted that there would be about 50 million online attacks during the week of Black Friday and Cyber Monday. What they actually saw was more than 130 million attacks over the 90-day period that led to Christmas and New Year.
It strongly indicated that the final quarter of the year, which leads up to Christmas and New Year, sees more attacks than the other quarters of the year. So many reasons to protect websites, right?
This sounds like it concerns the consumer, but the actual loser here is a company that does not have its security measures in place.
The Ponemon Institute’s study showed that cyber-attacks on Black Friday and Cyber Monday could generate losses of up to $500,000 an hour for retail shops.
It’s not only the revenue loss, but it’s also the reputation loss, brand damage, and data breach. The loss can rise up to $4 million and you’ve heard about GDPR, right?
The study also showed that 64% of organizations saw the attacks getting more and more frequent when Christmas time arrived. The spikes were up to 64%.
This data is a few years old and cyberattacks have grown exponentially since, which means the numbers have changed. Let’s just hope that more and more companies understand the need for security and how important it is to protect their websites and the data they hold.
Now is the time to cover all the important tasks you need to do before leaving for the holidays. Securing your website, updating your software and more. Let’s dig in.
Yes, every blog post you read about how to improve your website or web application security will almost always include updates. But why?
Protecting the endpoint is the most important part. Hackers keep a close eye on security flaws and look for possible vulnerabilities daily. These can be in popular web software, and hackers will aggressively target them once found.
When it comes to CMS security, what makes it worrisome is that 98% of WordPress vulnerabilities are related to plugins. And usually, the plugins that are outdated are the ones being targeted.
Plugin vulnerabilities are best mitigated by using a firewall that can receive virtual patches. With virtual patches enabled on your firewall, the security team behind it can send your firewall security rules or patches for newly discovered vulnerabilities.
If possible, always keep the backups off-site. It’s never a good idea to keep your backups on the site itself.
The second suggestion for backups: the best option is to choose a backup that is managed by your hosting provider.
You can read more about that in our blog post: Backup Plugin VS Hosting Level Backup: Which One’s Best?
Before leaving for the holidays, make sure you protect websites with a proper web application firewall that can receive automatic updates or virtual patches.
Why is that important?
It’s important because when you are away from your computer, spending jolly time with your family, hackers are actively trying to attack vulnerable software. This is where a proper layer of security comes in very handy.
Read more about what a web application firewall is here.
First the basics of access management:
So about the post-its. Nobody likes passwords and nobody likes to generate new passwords and nobody likes to remember all their passwords. That’s the reason we use password management tools. Life just makes so much more sense after starting to use one.
Some examples to try: KeePass, LastPass or PassCamp.
And let’s not stop there: in addition to strong passwords, enable two-factor authentication (2FA) on all your important accounts, especially on your website.
Read how to add 2FA to your website here.
So what is a response plan? It’s a plan to follow when things get really bad. By really bad, we mean for example that your e-commerce site is hacked and defaced with political propaganda. In addition to that, Google has reported the site as malicious and has put it on a blacklist.
It means no sales. No organic traffic. No traffic at all. And to top it off, there are hacker messages all over your front page.
This is where the incident response plan comes in very handy. Who would you contact in that case?
PS! There is a website malware removal guarantee feature, which is for situations like that. You can read more about the guarantee here.
Christmas is a season to be jolly, but also a season to be aware of cybercrime.
As said, the worst possible time to suffer an attack or data breach is Christmas.
So this Christmas, be smarter and one step ahead. Protect and update your websites, make a backup, and have a firewall and incident response plan in place.
This will help you to go and spend the holidays with your family without worrying.