August 26, 2009
Report: Hackers Taking a Break, Return to Work during Christmas Season
By David Sims, TMCnet Contributing Editor
Tufin Technologies, a vendor of security lifecycle management products, conducted a "Hacker Habits" survey among 79 hackers attending DEFCON 17 in Las Vegas earlier this month.
Contrary to a widely circulated urban myth, 89 percent of hackers claimed that IT professionals taking a summer vacation would have "little impact" on their hacking activities. Also, 81 percent said they are "far more active" during the winter holidays, with 56 percent citing Christmas as the best time to engage in corporate hacking and 25 percent specifically naming New Year's Eve.
Bear in mind that the validity of this study, of course, rests on the amount of faith you put in a hacker's word and your confidence that they aren't engaged in a bit of creative misdirection. This reporter wonders why else they would be far more active over Christmas unless their middle names are "Grinch" or "Scrooge."
"The survey reveals that the Christmas and New Year holidays are popular with hackers targeting Western countries," says Michael Hamelin, chief security architect, Tufin Technologies. "Hackers know this is when people relax and let their hair down, and many organizations run on a skeleton staff over the holiday period."
Again, taking a bunch of hackers' word for it, you should be most on guard against hacking on weekday evenings, as 52 percent said that this is when they spend most of their time hacking. Thirty-two percent favored weekday work hours, and just 15 percent hack on weekends.
Ninety-six percent of hackers in the survey said it doesn't matter how many millions a company spends on its IT security systems: it's all a waste of time and money if the IT security administrators fail to configure and watch over their firewalls.
"This may be stating the obvious," says Hamelin correctly, "but poorly configured firewalls remain a significant risk for many organizations. It's not the technology that's at fault, but rather the configuration and change control processes that are neglected or missing altogether."
David Sims is a contributing editor for TMCnet.
Edited by Jessica Kostek