“The January Effect”: Grab Your Popcorn?

One security expert says January seems to be a time of spectacular, high-profile Internet attacks. This is interesting, but on the same level as paging through Wikipedia and concluding that every Mayan Long Count (5100-year) cycle seems to mark a new level of human civilization (rise of farming, then the Egyptians, now…?). It /could/ be true, but it takes a bit more work than that to eliminate confirmation bias. That doesn’t mean it’s not a reason to double-check the defenses.

More interesting is that there’s a better-established correlation in investing. Those guys do have the impetus to get rid of confirmation bias, so perhaps it does have something to do with human social rhythms.


“Jeffrey Carr, an author on cyberwarfare and founder and CEO of Taia Global, noted in a post on Infosec Island this week that he has noticed a major breach or act of cyber warfare that kicks off the New Year—every year since 2009.

Carr calls it “The January Effect,” a well-established term in the investment world that refers to an expected price rise in securities after the first of the year. The effect, he said, is viewed as an opportunity for the bad guys.

He listed four major events as evidence:

December 2008 – January 2009: Operation Cast Lead, a land war between Israel and Hamas that included thousands of simultaneous cyberattacks.
December 2009 – January 2010: Google and 20-plus other companies were breached.
January 2011 (approximate) – March 2011: RSA was breached sometime early in 2011, and announced it on March 17, 2011.
January 2012: A hacker announced that he had Symantec’s source code for Norton and other products.

“It may start in December and then get publicized in January, or happen in January and get publicized a bit later but it has happened four years in a row now so I fully expect it to occur once again,” he wrote.

Some other security experts say they don’t dispute the events presented, but aren’t sure they stand out as all that different from other major attacks during the rest of a given year.

“The facts are what they are,” said Jody Westby, CEO of Global Cyber Risk. “What is missing is any comparison with other months of the year. Was January really that different? We have had so many high profile incidents, in part because they are now more openly reported and media picks up on them more.” ”
