Cyber Attacks Don't Take The Holidays Off

For most of us, the holidays usually mean some time away from work, a chance to hang out with friends and family, and an excuse to kick up our feet and relax a little. That is, unless, you happen to be in the cyber attack business, where the holidays could be the perfect time for you to strike unsuspecting e-commerce sites and deal-happy consumers. Do cyber attacks take the holidays off?

The folks at CloudFlare, providers of commercial, cloud-based services to help secure and accelerate websites, looked at data across more than 100,000 websites. According to their data analysis, on a typical day, 15.31% of requests to a website are some sort of cyber threat. While that pattern is relatively stable, the day-to-day average can swing by as much as 10%.


In looking back at this year’s holidays, cyber attacks seem to be the heaviest around May Day, Mother’s Day, Halloween, and Veteran’s Day. If those numbers hold true, that means you’ll want to do your online shopping for flowers, gifts, and costumes a little bit early.

On the flip side, those with the biggest decrease are China National Day and National Back to Church Day. One could be the result of divine intervention from a higher cyber power. The other could be the result of a spike in infected computers in China that are offline and therefore can’t be used to launch attacks at that time. "We can’t say that the holidays themselves are the cause of increases or decreases in attacks," explained Matthew Prince, cofounder and CEO of CloudFlare. "It is interesting, however, that China National Day saw a big decrease in attacks since the majority of attacks we see originate from China."

Attacks affect different types of sites at different times. For example, while overall attack traffic was relatively stable on Cyber Monday, CloudFlare found that e-commerce sites saw a 45% increase in attack traffic directed at them on the busiest online shopping day of the year.

CloudFlare’s data helps to serve as an important reminder: Just because you’re wearing stretchy pants and taking a nap after a big holiday meal doesn’t mean hackers are doing the same. They could be hard at work, looking for opportunities to take advantage of all of the noise caused by the hustle and bustle of the holidays to prey on unsuspecting shoppers. 

Pay Shawn's digital tree house a visit at or continue the conversation on Twitter.

For more leadership coverage, follow us on Twitter and LinkedIn.

[Image: Flickr user kevin dooley]

Add New Comment


  • Laz

    I found your article to be quite interesting, especially with my current background in e-commerce and financial institutions. I understand  that the holiday season is always a time of year when online shopping surges and Cyber Monday is the peak in this trend. As you know, the role that web session intelligence plays in the detection and prevention of online fraud  is increasingly important as the use of web-based applications expands and industry regulations evolve. I'd like to mention the types of threats facing e-commerce organizations and address the specific layer of the website these attacks are occurring.  The actions that are carried out via the web server are defined as the Navigation Layer of a website. Visibility into the Navigation Layer enables organizations to determine whether or not they need to report a potential risk or attack, and ideally limit the exposure to the attack. As the availability of data and functionality continue to be moved to web servers (whether for traditional web browser use or mobile application use) it is critical to monitor this portion of the infrastructure to determine if events are occurring and where appropriate, alert as close to the first occurrence of the event as possible. Using the Navigation Layer to garner true web intelligence is the surest way to ensure you are monitoring and protecting this critical layer of your infrastructure. This concept is especially important in e-commerce and a critical component to corporate security strategy. I feel that knowledge on these specific topics is key to ensuring customers are protected, as I'm sure you would agree.