Most cyber-attacks happen in February, business owners are warned

10/01/2023

SMALL business cloud hosting provider Cloudways, a DigitalOcean company has analysed cyber security data to reveal which time of year businesses experience the most cyber attacks, making that period the most dangerous month for businesses cyber security. 

Security is paramount for creating a successful business and building customer trust. One study showed that 45% of customers would not use a company if their data was compromised in a cyberattack. Online retailers and businesses need to ensure their cyber security is water-tight to protect their customer’s valuable data – especially when they’re looking to drive sales and conversions; but eCommerce businesses be warned: the most dangerous months for cyber security may be during your peak sales season. The study names February, March, October and December the most dangerous season for cyber attacks. 

The research by Cloudways identified February as one of the most high-risk months, with an average of 83 companies breached every year, leading to an average of 767,475,033 breached records. 

To make matters worse for businesses, February and the new year is preceded by three other high-risk cyber attack months. October, November and December also rank highly as dangerous months for cyber attacks. 

Extra caution needs to be taken by small businesses as their websites are the most vulnerable on the internet. 60% of SMBs fall victim to a cyber attack within the first six months of operations. 

Year Review: Which month has the highest number of cyber attacks and companies breached? 

MonthTotal Security Incidents Per Month – Companies Breached (2017-2022)Average Security Incidents Per Month – Companies Breached
December41683
October41583
May41383
February41383
March39679
July38577
November37274
June36272
January35471
September35471
April35070
August34970

The threat of cyber attacks on businesses is huge, especially when any successful attacks could lead to financial, reputational and legal damage – a scenario that can result in your business failing or going under. 

So, how do businesses ensure their websites are able to withstand any possible cyber attacks during their peak season and ensure their website is a fortress throughout the year? 

How can businesses protect against cyber attacks? 

  • Invest in secure systems. All the savvy in the world won’t protect you or your employees from flawless phishing attacks sent from within internal software. The more essential a system is to your operation, the more important it is that you ensure it’s shielded from the full battery of modern cybersecurity attacks. Arranging secure hosting with high-end security such as Cloudways with its Cloudflare CDN integration prevents your back-end systems from developing weak points. It also protects against computer viruses, Trojan horses, and spyware that can steal, encrypt, delete, alter, or hijack user information.
  • Be stingy with key logins. The more widely you share important login information, the more vulnerable it becomes. If someone needs one file or piece of information, have a trusted user source it for them — and if they genuinely need broad access, give them obscured login details through a suitable password manager you centrally control such as LastPass, NordPass or Dashlane.
  • Protect customer data. Keeping track of your customer data is vital. Businesses should clearly understand the amount of data they have and what it is used for.  Store all customer data in an encrypted system and provide access to only authorized accounts through a secure gateway. 
  • Set clear emergency procedures. When employees believe they’ve received urgent demands from their employers, they can feel intensely pressured to act immediately. Corporations need to make it absolutely clear why and when they might reach out to workers with emergency requests, explaining how they can verify legitimacy. Vitally, employers also need to stress which requests they’ll never make like demanding immediate bank transfers without using standard payment processes.
  • Check emails carefully. Ransomware attack attempts often come through email, so analysing email domains, content and sender information before acting on any of the actions in the email is vital. Email domains are extremely hard to flawlessly spoof, so even if an email looks to be from the right domain, a close examination might reveal some extra or substituted characters. More often than not, a phishing email has a domain that doesn’t fit the content at all. 
  • Update your systems. Updating key operating systems such as security software is vital for cyber security. Attackers target outdated software to glean valuable data from neglected websites. For many websites or business owners, ensuring all operations are updated can be very time-consuming, but automatic safe updates technology can allow automatic system updates to run securely in the background.  

Paul Haverstock, VP of Engineering at Cloudways, offered the following tips on preparing business cybersecurity for crisis situations:

“Social engineering (which relies heavily on human interaction) is often the most common form of cyber attack. Therefore it’s important to remember it’s the people that are often an organization’s first line of defence when it comes to cybersecurity. 

“Ensuring your entire workforce is suitably trained in cybersecurity best practice is essential. If they don’t know how to identify a phishing attempt or create a secure login, that potentially puts your company at just as much risk as having insufficient security controls in place. 

“A ‘defence in depth’ approach (whereby multiple defences are layered on top of one another to protect against a range of security threats) is always the best way forward. That’s why most cloud-based web hosting solutions will come with multi-faceted security features (including firewalls, SSL certificates, two-factor authentication, end-to-end encryption and more) – when it comes to security, you should leave nothing to chance.

“Often, cybercriminals target outdated software that contains publicly-known vulnerabilities. That’s why it’s critically important to keep all software packages up-to-date: updated software releases likely address and remediate known issues from previous versions. Any outdated software that exists within an organization’s infrastructure is potentially a ticking time bomb, so it’s important to have a robust patch management policy in place to ensure that all software is updated on a regular basis.”

The Latest Stories

InnoScot Health backs World Intellectual Property Day aim of ‘building common future’ through innovation 
UK astronaut Rosemary Coogan aims for the stars after graduation
BGF leads new investment round for Hyble, as martech company disrupts US market
IT company and social enterprise, The Apprentice Store, recognises increased social impact in the Highlands through annual Supporters Awards