Make Trust an Asset to Your Online Business 1Make Trust an Asset to Your Online BusinessSix things that can kill your websiteAndrew HorburyProduct Marketing Manager - Symantec
Todays agenda• Online threats – numbers and attack vectors• Six things and recommendations1. Malware2. Malvertising3. Search Engine Blacklisting4. Security Warnings5. Phishing6. Consumer Security Concerns• More information2Make Trust an Asset to Your Online Business
Website Security: Six things that can kill your websiteand how to stop themMake Trust an Asset to Your Online Business 3Your website isyour shopfront, your brandon display and anessential salesand marketingtool.
millionattack sensors make up the Symantec GlobalIntelligence Network.Make Trust an Asset to Your Online Business 5
Headline statsMake Trust an Asset to Your Online Business 6247,350 web attacks blocked per day5,291 New Vulnerabilities identified23% of email contains malware53% of scanned websites have unpatched vulnerabilities24 Million identities lost in one breach in Jan 20121 in 414 emails is a phishing email1 in 291 emails contains a virus69% of all email is SPAMSource: Symantec ISTR http://www.symantec.com/threatreport/
2012 trends: Small Business under attack• Small businesses are the path ofleast resistance for attackers• Small businesses believe they areimmune to attacks targeted atthem– Even worse, the lack of adequatesecurity practices by smallbusinesses threatens all of us• Small businesses are morenumerous than enterprises, havevaluable data, and are often lesswell-protected than largercompanies• Small businesses often used asspring boards into largercompanies– The websites of small businesses andorganisations are in many casesbeing used in targeted attacksMake Trust an Asset to Your Online Business 7
threatsMake Trust an Asset to Your Online Business 8
1. Website malware• Webservers can be attacked by malware just like desktop PCs• In 2012, Symantec’s technology scanned over 1.5 millionwebsites as part of our Website Malware Scanning andVulnerability Assessment:– Over 130,000 URLs were scanned for malware each day, with 1 in 532 ofwebsites found to be infected with malware• Over 1,400 vulnerability scans were performed each day– 53% of websites scanned were found to have unpatched, potentiallyexploitable vulnerabilities, of which 24% were deemed to be critical– The most common vulnerability? Cross-site scripting.Make Trust an Asset to Your Online Business 9
of identified malicious sites are regular websitesMake Trust an Asset to Your Online Business 10
How do criminals break into a website in the firstplace?• Criminals buy ready-made malware, such as the Sakuratoolkit, which is then installed on someone else’s website. Itscans visitors’ computers for known vulnerabilities and picks themost effective exploit to infect them.Make Trust an Asset to Your Online Business 11Recommendations:• Keep your website server software upto date• Control access to key systems – usestrong password, determine whoneeds access• Scan your site for malware andvunerabilities.
vulnerabilities reported in 2012Make Trust an Asset to Your Online Business 12
2. Malvertising• What is Malvertising?– Malvertising (“Malicious Advertising’) is the use of online advertising tospread malware.Make Trust an Asset to Your Online Business 13In 2012, drive-by Web attacksincreased by one third, possibly driven by malvertising.Recommendations:• Use reputable advertising networks.• Where possible, limit adverts’ ability to run code (e.g. use static images or plain text).• Consider a Malvertising scanning tool. Symantec AdVantage, a cloud-hosted tool designed toblock malvertising with real-time monitoring and the ability to trace malware back to its source.
Nothing says don’t visit my site likeMake Trust an Asset to Your Online Business 14
3. Search engine blacklisting• Search engines block upwardsof 6,000 sites each day• Blacklisting can have adevastating effect on your sitetraffic and your brandreputationRecommendations:• Protect your site againstmalvertising and malware• Avoid dubious search engineoptimisation techniques• Sign up for Google and Bingwebmaster tools to get emailwarnings if your site isblacklisted.Make Trust an Asset to Your Online Business 15
247,350Web attacks blocked per dayMake Trust an Asset to Your Online Business 16
4. Security warnings and expired certificates• Imagine you’re ready tobuy, but as you click onthe checkout button,your browser gives you asecurity warningbecause of an out ofdate SSL certificate.What now?– Shop elsewhere never toreturn…Make Trust an Asset to Your Online Business 17
Security warnings and Expired certificatesMake Trust an Asset to Your Online Business 18Recommendations:• Audit your certificates so you know what you have, whosupplies them and when they expire• Consolidate certificates under a single managementumbrella• Set up alerts and diary notes to remind you in good timebefore certificates expire.
5. Brand impersonation (phishing)Make Trust an Asset to Your Online Business 19Criminals use well-knownnames and brands to trickpeople into disclosingconfidential information orinstalling malware.79% of companies experiencedone or more Web-borne attacksin 2012, and 55 percent wereaffected by phishing attacks.**Webroot/Qualittics Research 2012
PhishingRecommendations:• Use Extended Validation SSL Certificates to authenticate yoursite and reassure customers that they are not using a phishingsite• Consider implementing Always-on SSL which provides a visiblereassurance that a user’s interaction with your site is secure andencrypted from start to finish.Make Trust an Asset to Your Online Business 20
6. Customer security concernsMake Trust an Asset to Your Online Business 21
First ImpressionsFirst Impressions are often the only impressionsOn average, a visitor to your website will spend a maximumof 10-20 seconds on any one page.Make Trust an Asset to Your Online Business 22
Make Trust an Asset to Your Online Business 25Recommendations:• You ARE trustworthy so make itobvious• Display a visible sign of yourwebsites security• Consider Always on SSL• Communicate your added value• Reduce clutter on your site
750million times a dayNumber of times per day the Norton Secured Seal is viewedMake Trust an Asset to Your Online Business 26
Key takeawaysYou will be targeted take precautions• Scan for malware• Look for vulnerabilitiesDemonstrate trust – it really adds valueThen finally…MAKE YOUR SITE THE BEST IT CAN BE,TEST AND RETEST, GO BEYOND THE SITE,REDUCE THE CLUTTER, BE THERE TOHELP, ESTABLISH & DEMONTRATE TRUSTMake Trust an Asset to Your Online Business 27
Linkage28How Long Do Users Stay on Web Pages: http://www.nngroup.com/articles/how-long-do-users-stay-on-web-pages/Slow Loading: http://www.nytimes.com/2012/03/01/technology/impatient-web-users-flee-slow-loading-sites.html?pagewanted=all&_r=1&Checkout Challenges: http://econsultancy.com/uk/blog/11297-effective-ecommerce-tackling-the-checkout-challengeXSS Cross Site Scripting: http://vimeo.com/9765188Always be testing: http://www.amazon.co.uk/Always-Testing-Complete-Website-Optimizer/dp/0470290633/ref=sr_1_3?ie=UTF8&qid=1359999021&sr=8-3Which Site Seal do People Trust the Most? (2013 Survey Results):http://baymard.com/blog/site-seal-trustMake Trust an Asset to Your Online Business
24:31Make Trust an Asset to Your Online Business 29
Learn More30Web http://www.symantec.com/en/au/ssl-certificatesFollow us @NortonSecuredLike us fb.me/SymantecWebsiteSecuritySolutionsRead our blog symantec.com/connect/blogs/website-security-solutionsSee our latest tips https://www.staysecureonline.comISTR http://www.symantec.com/threatreport/http://www.symantec.com/threatreport/quarterly.jspWhitepapers Symantec-wss.comMake Trust an Asset to Your Online Business
31Thank you!Andrew Horburyandy_horbury@symantec.comMake Trust an Asset to Your Online Business