You'll see a lot of advice at around this time of year, which talks about the risks of scammers and general cyber criminals, when it comes to the 'season of goodwill'. The advice is solid and should be heeded, but there's more to it than that. Let me explain.
Seasonal scams are a thing, but it's important to remember that they are generally targetting individuals / consumers and not necesarily organisations. Their main aim is to separate buyers from their money, with nothing in return. So, you'll typically see a 'store' appearing on your social media app of choice, selling 'genuine' brand name products at massively discounted prices. This happens all year round, but does tend to become more prevalent over the holidays.
The usual story is this - scam site, crazy prices, you buy something you never receive and have pretty much zero chance of seeing your money again.
It ruins lives, and cybercrime / fraud costs literally trillions of dollars each year. It can also ruin the festive time - no presents and you're out of pocket. It wasn't a real Rolex.
Bringing this back to the organisational context, cyber criminals don't really mind which time of the year we're in. They're active all of the time. Looking at some of the UK data for 2023 alone, we saw over 1400 reported data incidents. I say reported, because the real number is likely far higher, as firms either kept things quiet from the public (i.e. their customers) or even worse - don't actually know yet that their data walked out of the company.
A notable incident (with a high casuality rate) was DarkBeam. So, this company actually provides threat intelligence to its own customers about their exposure to data breaches. Ironic in the extreme, as they leaked the data of 3.8 billion user accounts, by leaving access to a data source open to the internet.
This was in September 2023. Another notable incident involved the UK Electoral Commission losing the data of some 40 million registered UK voters. The UK operates a mechanism where voters can opt out of public exposure of their personal data and, well, this kind of blew that personal choice away.
The point here is this - there isn't a season of goodwill when it comes to attackers. There is no honour amongst thieves and while some of them do get very busy at this time of year, or piggyback on a world event at any time of the year, the mainstream bad guys are doing their work all year long.
So, it's time to think about how that might impact your organisation and give Octopi a shout, so we can talk you through this story and more, and show you how we can help.
We offer consultancy based on empathy (because we've all been there!), as well as a variety of practical solutions that can help limit your risk of having a bad day, whatever day of the year it is. Drop us a note in the form at the bottom and we'll be in touch.