Ah, summer. Sweltering days, family vacations, the annual Black Hat and DEFCON conferences, and — more cyberattacks?
In a survey published on July 11, security firm Lastline found that 58% of security professionals believe there is some seasonality in the attacks on their company, and the majority of that portion — about 52% — peg summer as the prime time for breaches. Both phishing and malware attacks are more likely to be encountered during the summer months, according to the survey of 1,000 security professionals, with 47% and 44% of respondents seeing more of each of those attacks, respectively.
The results are interesting and should raise questions for companies, says John DiLullo, CEO of Lastline.
"I don't claim to know what is going on in the cybercriminal's mind, but there is some logic to saying that I may get a higher return on my effort during the summer months, especially when my efforts are aimed at individuals," he says.
The timing of cyberattacks have been an occasional topic of researchers' investigation.
A study of 850 attacks in 2017 and 2018 against UK universities found that the attacks often corresponded to the times of the year when students were at school, suggesting that many of the attacks may be initiated by students. The study, by the Joint Information Systems Committee (JISC), found that attacks dropped off significantly during the summer, dropping from an average of one attack a week during the summer months, from up to 60 a week in the fall.
Yet, the feeling among security professionals that summer is high time for sun and cyberattacks persists. A 2017 blog post by former security firm Secdo, bought by Palo Alto Networks in 2018, also argued that summer, with lower staff counts and workers connecting to unsecure Wi-Fi, continues to endanger corporate networks.
"Summer is an opportunity for hackers to take advantage of less staff on call and increased remote access combined with possible ignorance when it comes to the use of public Wi-Fi and mobile network security," the company stated in an archived blog post.
Lastline's survey sheds some light on security professionals' perceptions of the summer bump in cyberattacks. A third of respondents blamed remote working for the increase in seasonal threats, with the largest portion of security professionals — 68% — most worried about employees connecting to unsecured public Wi-Fi hotspots. Other major worries include workers clicking on phishing emails or interacting with spearphishing attacks, leaving their computers unlocked in public locations, and using unapproved applications, according to the report.
"When people are working from home or working remotely, there is a dynamic that happens that — because they are not behind that perimeter in their office, are working with public Wi-Fi providers and on personal devices — you perhaps don't have as much endpoint protection as in the office," DiLullo says.
The other common perception is that a shortage in staffing leads to a slower response time. With security staff on vacation, many companies assume that response time would be slowed. Yet Lastline's survey found the opposite — more security professionals felt that they would respond more quickly to cyberattacks during summer months. In fact, 36% of respondents thought their response to an incident is faster in the summer than other times during the year. Almost half of respondents thought it would be unchanged, and only 12% thought they would be slower.
Companies should still work to speed their response, says Lastline's DiLullo.
"If you don't have the response process automated, and if you find yourself down 20% of your resources, you can imagine the impact that might have on your capability," he says.
Whether the perceived summer bump is supported by other data and what is behind any actual increase in attacks during the summer is unclear. In addition, the survey is not without its inconsistencies. While 53% of respondents initially answered that they did see a seasonal change, a later question — on whether they thought it was due to remote work — suggests that 74% assume there is a seasonal increase in attacks.
Lastline's DiLullo acknowledges that the survey raises more questions than it answers.
"I think it is impossible to know exactly what is at the root of this," he says. "Even the respondents didn't necessarily cite hard evidence."
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.