IE 11 is not supported. For an optimal experience visit our site on another browser.

Does Cybercrime Take a Christmas Vacation?

The world hasn't ended, but that doesn't mean yours can't still be turned upside down.
/ Source: TechNewsDaily

The world hasn't ended, but that doesn't mean yours can't still be turned upside down.

As the end of the year approaches, it may seem like cybercrime is taking a holiday, but now is no time to rest on your laurels.

For the past four years in a row, major security events have occurred on or soon after the New Year.

Jeffrey Carr, the CEO of security firm Taia Global, calls it the "January Effect." He told CSO Online that Christmas and the time immediately afterward may be seen by criminals as an advantageous time to launch an attack, as many top IT personnel may be on vacation.

To bolster his claim, Carr pointed to the December 2008-January 2009 battles, fought on the ground and online, between Israel and the Palestinian militant group Hamas.

The following holiday season, in December 2009 and January 2010, Google and many other leading technology, defense and retail companies were breached by hackers who were believed to be in the employ of the Chinese government.

In early 2011, encryption software firm RSA was breached by hackers looking for the seeds that power two-step authentication tokens used at the highest levels of government and business.

Last year, hackers claimed to have stolen Symantec's source code for its Norton Antivirus software.

All of those were major security events, yet Carr doesn't show how events in January compare to the rest of the year, Global Cyber Risk CEO Jody Westby pointed out to CSO Online.

"Was January really that different?" Westby asked.  "We have had so many high-profile incidents, in part because they are now more openly reported and media picks up on them more."

John Prisco, the CEO of security firm Triumfant, agreed, saying there's really no such thing as a day off for cybercrime.

"If you look at the year-round nature of some of the major breaches in 2011 and 2012 — Sony, Epsilon, Global Payments , [South Carolina] Dept. of Revenue — clearly, they didn't all happen in January."

Follow Ben on Twitter.