Written by Ashwin Chaudhary, CEO, Accedere.
Cybersecurity attacks exhibit intriguing patterns throughout the year. While it’s not universally true
that most attacks occur in the last quarter, there are several reasons and notable trends, why
cybersecurity attacks tend to increase in the fourth quarter (Q4) of the year:
With reference to my knowledge and research, the above are the top 5 impacted sectors which needs
to proactively upgrade and implement security measures to reduce the impact of threat and incidents.
Active Attack Trends
- Holiday Season: The end of the year is typically marked by major holidays and shopping
events. Cybercriminals take advantage of this period to launch phishing attacks, often using
fake order receipts, spoofed shipment tracking, or fake holiday offer emails. - Human Error: Interestingly, 95% of cybersecurity breaches result from human error. Proper
training and awareness programs are crucial to mitigate this risk. - Increased Online Activity: With the holiday season, there’s a surge in online activity as people
shop for gifts and deals. This increased activity provides a larger target base for cybercriminals. - Professional Services Targeted: In Q4 2023, attackers focused heavily on the professional
services industry, with slight increases also observed in the healthcare sector, particularly in
respect to ransomware activity. - Evolution of Tactics: There’s a continuous evolution of phishing tactics, for example, a rise in
the use of QR codes was observed in Q4 2023. Also, business email compromise (BEC) attacks
continued to dominate. - Year-End Rush: Organizations and individuals are busy closing out the year, which may lead
to lapses in security practices. - Malware Attacks: Malware remains a prevalent threat. Between March and May 2023, threat
actors deployed an average of 11.5 attacks per minute, including 1.7 novel malware samples
per minute. Avast blocked a staggering 1.05 billion unique malware attacks in Q3 2023. - Budget Cycles: Many organizations allocate cybersecurity budgets for the upcoming year
during Q4, making them attractive targets. - Ransomware Activity: There was a significant increase in ransomware activity in Q4 2023,
accounting for 23% of all cases. - Spyware Attacks: In Q4 2023, the share of spyware attacks on organizations increased
compared to the previous quarter.
These trends point to a complex security landscape and indicate that organizations need to be
particularly vigilant about cybersecurity in the fourth quarter. It’s important for organizations to
maintain robust security protocols and educate their employees about potential threats.
Conclusion
The surge in cybersecurity attacks in the Q4 can be attributed to a confluence of factors. The period
witnesses heightened online activity due to significant events like Black Friday, Cyber Monday, and the
holiday season, presenting an expanded attack surface for cybercriminals. The prevalence of phishing
attacks also sees a marked increase during this time, with attackers leveraging fake emails related to
order receipts, shipment tracking, or holiday offers to gain unauthorized access. Certain industries,
notably professional services and healthcare are particularly targeted during this period. Additionally,
there is a resurgence of ransomware activity in Q4 following a relative lull in the Q3. The rise in spyware
attacks, especially stealers, further contributes to the overall increase in cybersecurity threats.
Therefore, organizations need to exercise heightened vigilance during Q4 and ensure robust
cybersecurity measures are in place to counter these threats.
About the Author
Ashwin Chaudhary is the CEO of Accedere, a Cyber Security, Privacy Audit, and Training Firm. He is a
CPA from Colorado, MBA, CITP, CISA, CISM, CGEIT, CRISC, CISSP, CDPSE, CCSK, PMP, ISO27001 LA, ITILv3
certified cybersecurity professional with about 20+ years of cybersecurity/privacy and 40+ years of
industry experience. He has managed many cybersecurity projects covering SOC reporting, ISO audits,
Privacy, IoT, Governance Risk, and Compliance as well as Technical Assessments such as VAPT and
Managing a 24×7 CSOC.
Reference links
Source link
