Most people may be busy with year-end gift buying and holiday parties at the end of December, but security professionals have an added obligation: keeping the hackers off their corporate networks.
Most security pros know that spammers and online criminals like to launch their campaigns when they think nobody will be minding the store, and according to a survey of attendees at the Defcon hacking conference earlier this month, Christmas is the best time of year for hackers to strike.
Security vendor Tufin Technologies asked 79 attendees whether they thought summer was "the best time to hack into a company because the security guy is on holiday." Most of them disagreed, and of that group, 56 percent said Christmas was the best time for hackers to strike; 25 percent cited New Year's.
Defcon attendees are anonymous, but Tufin says that the people who answered the questions probably reflected Defcon's mix of ethical security and law enforcement professionals, as well as black-hat hackers who engage in illegal activity.
The holiday season is a favorite time because that's when companies are most reliably short-staffed as employees use up year-end vacation days and take time off to be with family. "There are a lot less people actually doing things," said Michael Hamelin, chief security architect with Ramat Gan, an Israeli company. "It tends to be just a bigger target."
Users may have their guard down around Christmas too, as they shop online and share holiday messages, Hamelin added.
Although just 11 percent of respondents said that the summer was the best time to hack a company, many widespread attacks have been launched in July and August, including last year's Koobface Facebook worm, as well as its predecessors Sobig, Blaster and Zotob.