Website Security Threats - December 2013 Update

667 views

Published on

Our look at the latest security threats and predictions for 2014. To view Symantec Website Security Solution's webcast click here https://www.brighttalk.com/webcast/6331/92441

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
667
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Website Security Threats - December 2013 Update

  1. 1. WEBSITE SECURITY THREATS: DECEMBER 2013 UPDATE Wednesday 4th December 2013 Andrew Horbury Andrew Shepherd Product Marketing Manager EMEA Marketing Manager andy_horbury@symantec.com andrew_shepherd@symantec.com
  2. 2. Agenda 1 Month in Numbers 2 2014 Security Predictions 3 Every Organisation a Target 4 Ransomware Update 5 Attack, Attack, Attack 6 Good news Website Security Threats: December 2013 Update
  3. 3. The month in numbers….. • Eurobarometer Survey out this week reveals – 76% European Internet users believe that the risk of becoming a victim of cybercrime has increased in the past year – 46% have installed antivirus software – 10% of EU Internet users have experienced online fraud and a further 6% were victims of identity theft – 37% worried about a malicious party taking or misusing their personal data. When banking or shopping online. • Anchorfree Survey on Public Wi-Fi usage – 4 out of 5 concerned about ID theft when using public Wi-Fi – 8 out of 10 however still happy to connect to public WiFi – Smartphone and tablet users were three times more likely than laptop users to connect to Wi-Fi in a shopping mall or tourist attraction. Website Security Threats: December 2013 Update
  4. 4. Love by numbers • Stolen Cupid data reveals weak password choices Password Times used 123456 1,902,801 111111 1,212,235 123456789 574,914 1234567 173,235 12345678 140,734 0000000 107,996 Iloveyou 91,269 1234567890 81,755 ?????? 79,046 123123 79,013 Website Security Threats: December 2013 Update
  5. 5. Love plus one Password Times used Iloveyou 91,269 lovely 54,045 qwerty 40,023 password 37,241 azerty 33,579 loveme 32,645 aaaaaa 30,273 mylove 28,266 iloveu 23,787 zxcvbnm 20,362 Website Security Threats: December 2013 Update Password creation tips A strong password: • Is at least eight characters long • Does not contain your user name, real name, or company name. • Does not contain a complete word. • Is significantly different from previous passwords. • Contains Uppercase, lowercase, numbers and symbols.
  6. 6. Security Predictions for 2014 Symantec: • People will finally begin taking active steps to keep their information private • Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure • The “Internet of Things” becomes the “Internet of Vulnerabilities” • Mobile apps will prove that you can like yourself too much Other: • Advanced malware volume will decrease • Attackers will be more interested in cloud data than your network • Attackers will increasingly lure executives and compromise organizations via professional social networks • Exploit kits will struggle for power in the wake of the Blackhole author arrest Website Security Threats: December 2013 Update
  7. 7. Every organisation could be a target for hackers Website Security Threats: December 2013 Update
  8. 8. Assumption #1: I’m too small to be attacked 50% 2,501+ 50% 1 to 2,500 Employees 2,501+ 9% 1,501 to 2,500 2% 3% 5% 1,001 to 1,500 501 to 1,000 251 to 500 50% 31% 1 to 250 Greatest growth in 2012 is at companies with <250 employees Small business often not well protected, but connected to others Website Security Threats: December 2013 Update
  9. 9. Targeted Attacks by Company Size 50% 2,501+ 50% 1 to 2,500 Employees 2,501+ 9% 1,501 to 2,500 2% 3% 5% 1,001 to 1,500 501 to 1,000 87% of SMBs suffered a cyberattack last year, only 50% 44% see security as a 31% priority. 251 to 500 1 to 250 18% in 2011 Greatest growth in 2012 is at companies with <250 employees Small business often not well protected, but connected to others Website Security Threats: December 2013 Update
  10. 10. Assumption #2: Only CEOs and Senior Management are targeted 30% R&D 27% Sales 24% 25% C-Level 17% 20% 15% Senior 12% Shared Mailbox 13% 10% 5% Recruitment 4% Media 3% PA 1% 0% Attacks may start with the ultimate target, but often look opportunistically for any entry into a company Website Security Threats: December 2013 Update
  11. 11. Every Organisation could be a target 3 tips to bear in mind 1 Attacking weak passwords: A surprising number of servers and applications have default passwords or simple passwords. 2 Phishing key users: A now age-old trick that is becoming even more sophisticated as hackers pick up passwords and gain access by targeting key users. 3 Exploiting old and unpatched software: Unpatched systems are an easy target, especially given all the well-known and distributed exploits for old software. Website Security Threats: December 2013 Update
  12. 12. Ransomware – Like a Business • Anti-Fraud Service for Fraudsters • Multiple Pricing options • “FBI" Ransomware – Now offers optional extras – Authors resort to disturbing images in bid to make victims pay • Cryptolocker – Continues to cause problems – Roughly 25 per cent of computers are not running any real-time protection vs. malware – Encrypts files with full PKI encryption and sets a deadline – Offers a discount? 2  0.5 Bitcoins Website Security Threats: December 2013 Update
  13. 13. Encrypting the world’s Web traffic • All Web traffic could be encrypted under new HTTP standard proposals • Yahoo Mail enabling SSL by default • If you want to make sure you’re using an SSL connection whenever possible, also check out the Electronic Frontier Foundation’s HTTPS Everywhere browser plugin for Chrome and Firefox. https://www.eff.org/https-everywhere Website Security Threats: December 2013 Update
  14. 14. Attack, Attack, Attack • ​Google Dork: 35,000 websites using a type of proprietary internet message board software that were vulnerable to a flaw that allowed hackers to create new admin account. • Anonymous claimed to have hacked UK Parliament’s Wi-Fi during Million Mask march in London Website Security Threats: December 2013 Update
  15. 15. Good News • It can happen to the best of us… – Chief Wiggum not such a distant reality • No Beard? No worries! – Red-haired women tend to choose the best passwords and men with bushy beards or unkempt hair, the worst Website Security Threats: December 2013 Update
  16. 16. Link Glossary (Press Print screen now) • EFF Always on SSL App – https://www.eff.org/https-everywhere • Infographic for 2014 predictions – http://www.symantec.com/connect/blogs/2014-predictions-symantec-0 • Register Article on Anonymous parliament – http://www.theregister.co.uk/2013/11/12/anonymous_hacked_government_sites_usi ng_parliament_wifi/ • BBC The gentle art of cracking passwords – http://www.bbc.co.uk/news/technology-24519306 • Symantec WSS Resources – @nortonsecured – www.facebook.com/websitesecuritysolutions – www.symantec-wss.com Website Security Threats: December 2013 Update
  17. 17. Next webinar: Thursday 9th January 2014 9.30am UK / 10.30am CET Thank you! Andrew Shepherd andrew_shepherd@symantec.com / +44 7912 552 896 Andrew Horbury andy_horbury@symantec.com / +44 7703 468 966 Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Website Security Threats: December 2013 Update

×