Fighting cybercrime is one of the biggest year-round challenges for UK businesses in the ever-changing digital landscape. Startling figures from the Government’s Cyber security breaches survey 2023 reveal a staggering 2.39 million cyberattacks and 49,000 instances of fraud occurred over a 12-month period, costing UK businesses an estimated £15,300 per victim. Charities were also heavily targeted, with 785,000 cybercrimes taking place as hackers attempted to steal passwords, financial information, and other personal data for their own nefarious gains.
But, while cybercrime remains a 24/7 concern, are cybercriminals more likely to strike at certain times of the year, when is your data at its most vulnerable, and why? A study conducted by expert cybersecurity services provider, ramsac, can now reveal when digital threats loom largest so that businesses and individuals can be extra vigilant to protect themselves against a potential attack.
From global events to holidays and seasonal patterns, find out why certain months pose a greater security risk than others and why proactive cybersecurity measures are essential at these times to safeguard your data.
March: The Month of Cybersecurity Madness
March is a vulnerable time for businesses as the UK tax season reaches its peak. This is often an open invitation for hackers to send out fake tax-related emails and set up fraudulent websites enticing businesses and individuals to part with their data.
The UK broadband provider Virgin Media suffered one of its lowest moments in March 2020 when cybercriminals gained access to the personal data of 900,000 customers. The data was compromised for around 10 months, while Virgin Media faced legal action amounting to £4.5 billion, or around £5,000 for each affected customer.
Elsewhere, two Chichester schools were targeted by a ransomware attack in March 2023, forcing them to close phone lines and shut down websites. The hackers threatened to release sensitive data if the school didn’t comply and pay a ransom. Luckily, no ransom was paid and a thorough police investigation was launched.
Mother’s Day also falls in March in the UK, and it’s another golden opportunity for cybercriminals to strike. Again, phishing attacks and scams will be highly prevalent at this time as online shoppers buy presents and gifts for their deserving mums.
June: Heatwaves and Cyber Risks
The sun’s out and so are the hackers as June and the start of the summer holiday season represent one of the busiest months for cybercrime.
For UK pub chain JD Wetherspoon it’s a month to forget after suffering its worst-ever cyberattack in June 2015. Russian criminals were thought to have been behind the attack after the chain’s old website was hacked and the payment card details of 650,000 customers were stolen. It took JD Wetherspoon around six months to recognise a data breach had taken place.
June is another month when the temptation to find a bargain summer holiday is strong, putting hackers on high alert. People could receive opportunistic emails offering fake hotel deals and flight offers in a bid to access personal accounts. Criminals will also send phishing emails and spread malware through attractive but phoney travel promotions.
If you’ve received an email offering flights and a week’s accommodation in New York for £99 it’s probably too good to be true. And it’s more than likely to be the handiwork of hackers tempting you to click through and hand over your personal details.
September: Back to (Cyber) School
September saw the biggest data breach of 2023 when UK digital risk protection company, DarkBeam, exposed an astonishing 3.8 billion personal records, emails, and passwords to the internet because of a ‘misconfigured interface,’ which clearly breached confidentiality principles. Similarly, the data of 2.2 million Pakistani residents including contact numbers and credit card details were offered for sale on the dark web after hackers accessed a database used by hundreds of restaurants.
As the academic year approaches, schools, colleges, and universities can also experience a rise in cyberattacks during September when systems are busier than usual with the new intake of students. Phishing emails offering fake school supplies, scholarship schemes, and other educational resources are just some of the tricks used to extract private details from unsuspecting users. Similarly, scams relating to back-to-school supplies such as uniforms and sportswear deals may also occur.
October: Cybersecurity Awareness Month
October is Cybersecurity Awareness Month in the UK. Ironically, it’s also a busy time for cybercriminals who increase their activity by preying on security vulnerabilities.
For example, the budget airline easyJet became a well-publicised victim of a highly sophisticated cyberattack in October 2019 when a data breach allowed access to 9 million customer records including the credit card details of 2,208 people.
Essentially, October provides hackers with various opportunities to exploit cyber awareness campaigns by sending phishing emails posing as cybersecurity training. Halloween is another easy way in for cybercriminals due to the high demand for Halloween-themed costumes, decorations, and other items, leading to a rise in online activity.
November: Black Friday Risks
November is shopping frenzy time as shoppers take advantage of incredible Black Friday and Cyber Monday online deals in time for Christmas. However, it also means a rise in phishing emails and scams offering fake products at a fraction of the original price. Not only that, but fraudulent online stores also pop up with the sole intention of stealing personal data including bank details and passwords. It’s a similar story on Bonfire Night when scams relating to fireworks, events, or merchandise begin to appear.
Meanwhile, telecom and internet provider Three Mobile UK suffered a major November data breach when hackers accessed the firm’s database using an employee’s credentials. They went on to access the private details of more 130,000 customers including names, phone numbers, dates of birth, and home addresses.
December: ‘Tis the Season for Cyber Scams
Like November, December brings a major surge in cyberattacks. Criminals thrive on the significant increase in online shopping, digital transactions, and exchanges of personal data that hackers are desperate to get their hands on. This makes shoppers more susceptible to phishing scams, fake promotions, and malicious software disguised as bargain holiday deals and other tempting offers. Similarly, there’s also an increase in tax scams around the festive period when hackers attempt to exploit the chaos and urgency of meeting year-end deadlines. Again, this puts businesses at heightened risk from phishing scams, ransomware attacks, and other security breaches aimed at extorting money and causing operational disruption.
There would be no festive celebrations for UK currency exchange firm Travelex one recent December when it experienced a serious, and costly, ransomware attack. Cybercriminals locked employees out of their system forcing the firm to shut down websites in 30 countries. Not only that, but Travelex paid more than £2 million in bitcoin to the ransomware gang for the return of the stolen data, lost an estimated £25 million in all, and was forced into administration leading to a full company restructure to reduce its debt.
A Cyber Attack Could Happen Any Day
It’s clear that certain months of the year present a greater threat of cyberattack for businesses and individuals more than others, and for very different reasons. However, the fact is cybercriminals don’t discriminate and can attack security systems 24/7, 365 days of the year. This hammers home the importance of practicing extreme vigilance and adopting robust and proactive cybersecurity measures to combat these daily digital threats posed by hackers who go to extreme lengths to steal highly valuable personal data and private information.
