12 scams of Christmas
’Tis the season to be jolly, but the ‘scamma dem deh yah’ and, as a result, data protection firm Symptai Consulting Limited is urging companies and individuals to be on the lookout for 12 main attacks that fraudsters could commit during the busy Yuletide season.
“We know the festive season is filled with high commercial activities and relaxed employees, creating the perfect opportunity for nefarious characters to take advantage of vulnerabilities in your organisation. While you are ‘decking the halls’ and ‘making merry’, cyber criminals are working overtime to fleece your company during this season,” Symptai experts have warned in their latest public sensitisation campaign.
The 12 scams singled out included: ransomware, phishing e-mail, data breach, password attacks, network hacking, reputational damage, systems hacking, SQL injection, device theft, distributed denial of service (DDoS), unsecured or fake free Wi-Fi, and malicious insider.
Through these attacks, crooks use well-orchestrated and cunning ways to hijack systems, steal money and information and, in some instances, require large sums as ransom.
According to Rory Ebanks, director of cybersecurity at Symptai Consulting, the listing of these attacks, though playing on the 12 days of Christmas tradition, also represents just a fraction of scores of other breaches ranking high “among the most common ones that data experts have been experiencing and could easily identify.”
“If we look at the first three, namely ransomware, phishing and data breaches — those are often found among the top breaches anywhere in the world,” he said, speaking in an interview with the Jamaica Observer late last week.
“Once you have an IT footprint you are vulnerable, as ransomware [a type of malware from cryptovirology that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid] doesn’t care if you are a large or small company or even an individual,” he added.
Driven by the prevalence of cyber-attacks seen within the last few years, with cases ballooning to 289 billion for Latin America and the Caribbean in 2021 (600 per cent above the prior year and representing some 10 per cent of the global threat), the regional cybersecurity company, through its 12 scams of Christmas campaign, is strongly underscoring the need for data users to remain vigilant, stay aware and take every measure to keep their information and systems protected.
“We have seen a lot of cases where companies have spent millions on security and still end up getting breached; we therefore can never be too cautious,” Ebanks stated, noting everyone has a role to play in the security process.
Findings from a FortiGuard Labs report have indicated that for the first three months of this year alone, approximately 137 billion attacks were committed by hackers, nearly half of those committed in the 12 months of last year. Statistics from the University of Maryland have also shown that attacks are now being carried out every 39 seconds, or 2,244 times a day, as criminals find new ways to exploit data systems. IBM, in a data breach report, has estimated the average cost of a single breach for companies to reach US$4.4 million in 2022.
Encouraging companies to boost their security posture, the Symptai executive outlined a number of measures, including penetration tests, cloud security, cyber compliance review, social engineering and the use of monitoring systems, among the safety mechanisms it could pull from its broad spectrum of services to counter growing cases of attacks, which locally are now often seen within the banking and finance, and retail industries.
“A lot of companies still don’t report information relating to breaches or attacks, so it is significantly under-reported, but from what we have been seeing the cases are definitely growing, also keeping us very busy,” Ebanks told Sunday Finance.
Sharing some practical recommendations, the data security expert, who is also a certified ethical hacker and computer hacking forensics investigator, spoke to additional measures companies and individuals can take to ward off potential attacks.
“Conduct periodic penetration or security assessments, ensure that security awareness training is being conducted and that there are clear plans in place to quickly respond to threats,” he said, pointing also to the importance of having multiple layers of security and protection including updated firewalls, antivirus and end-point protection, encryption and back-up systems, the use of strong passwords along with the tracking/monitoring of devices and the activation of biometrics (fingerprint and eye-scan).