Online shopping campaigns, school vacation periods and other windows of opportunity produce the most distracted, off-guard prey, it seems.
In analyzing the most prevalent cyber incidents in its 2023 user base data, one cybersecurity firm has noted that high-severity threats increased and peaked during prime holiday and online shopping seasons, such as June and November.
This trend is in line with correlations observed in 2022, when researchers noticed that attackers were taking advantage of times when people are away, busy, or distracted, timing the launch of their attack campaigns to inflict more damage while risk is high.
Identity theft and compromise topped the list of attack types most frequently launched during such periods of distraction. These attacks enable cybercriminals to breach an account and gain access to the corporate network, data, and more.
Linked to the theft and breach of login credentials are activities detected as:
- suspicious logins involving multiple login locations, unusual login times and use of dead accounts
- brute force attacks
- attempts at disabling multi-factor authentication and/or other authentication mechanisms
According to Merium Khalid, Director, SOC Offensive Security, Barracuda Networks, the firm that publicized its 2023 cyber threat trends data: “Cybersecurity involves understanding attackers’ behavior as well as their tools and tactics… Most attacks… gain access to accounts by compromising identities. As attackers start to leverage AI tools to scale the volume, speed, and sophistication of attacks, these trends will escalate. Security teams need to ensure their security tools have the same power.”
The firm recommends that organizations implement robust authentication and access controls (multi-factor authentication at a minimum, and ideally moving to Zero Trust-based measures), alongside a solid approach to patch management and data protection, with regular cybersecurity awareness training for employees.
At the back end of the network, organizations can engage 24/7/365 security operations center monitoring to catch unknowns and anomalies that could otherwise slip through their defenses.