Norton Overview
Sophie Caron
Small Businesses & Cybersecurity
• SMBs represent the largest growth area for targeted attacks, increasing threefold in the last year [1]
• 81% of top tier SMBs said using computing strategically is an effective way to increase market share [2]
• Half of SMBs have fallen victim to a cyber-attack. Of those, 61% occurred within the past year [2]
• 60% of all targeted attacks struck small and medium businesses [3]
• SMBs are four times more at risk of cyberattacks than larger companies [4]
• The average amount of money stolen from SMBs by cyber-attacks has tripled in just one year to $19.948 [5]
• 46% of SMBs said a targeted attack would cause revenue loss [6]
[1] Symantec Internet Security Threat Report vol. 18, 2012
[2] National Small Business Association, 2014 Year-end Economic Report
[3] Symantec Internet Security Threat Report vol. 20, 2015
[4] Symantec.com Skeptic™ System data
[5] National Small Business Association, 2014 Year-end Economic Report
[6] “SMB Threat Awareness Poll,” Symantec, Sept. 2011
Copyright © 2016 Symantec Corporation
Small Businesses Are Now The Most Targeted: Security is not an option
Distribution of attacks by organization size
• 43% of attacks in 2015 targeted small businesses, the most of any organization size.
• This is an almost 10% increase from 2014.
Spear-Phishing Attacks by Size of Targeted Organization
Symantec Internet Security Threat Report, Version 21, April 2016
Top Industries Targeted In Spear Phishing Attacks
Rank | Industry Detail | Distribution | Attacks per Org | % Risk in Group*
1 | Finance, Insurance, & Real Estate | 34.9% | 4.1 | 8.7%
2 | Services | 21.6% | 2.1 | 2.5%
3 | Manufacturing | 13.9% | 1.8 | 8.0%
4 | Transportation & Public Utilities | 12.5% | 2.7 | 10.7%
5 | Wholesale Trade | 8.6% | 1.9 | 6.9%
6 | Retail Trade | 2.5% | 2.1 | 2.4%
7 | Public Administration | 2.0% | 4.7 | 3.2%
8 | Non-Classifiable Establishments | 1.6% | 1.7 | 3.4%
9 | Mining | 1.4% | 3.0 | 10.3%
10 | Construction | 0.7% | 1.7 | 1.1%
11 | Agriculture, Forestry, & Fishing | 0.2% | 1.4 | 2.0%
Non SIC Related Industries
Industry Detail | Distribution | Attacks per Org | % Risk in Group*
Energy | 1.8% | 2.0 | 8.4%
Healthcare | 0.7% | 2.0 | 1.1%
Symantec Internet Security Threat Report, Version 21, April 2016
No Cybersecurity Plans…No Worries
31% of SMBs are not taking any proactive cybersecurity measures
53% of SMBs report that they do not store valuable data
– But over 65% store email addresses, phone numbers, and other PII
Yet 58% of SMBs are worried about cyber attacks
Source: CSID Small Business Survey: 2016, May 2016 - https://www.csid.com/resources/white-papers/
Cybercrime in Belgium
2016 Internet Security Threat Report Volume 21
Belgium ranks 33rd globally, up from 44th in 2014 and 13th in Europe
624 ransomware attacks blocked each day: Belgium ranks 10th globally
Social media attacks: Belgium is #11 in the world and 4th in Europe: 241 attacks per day blocked
THE THREAT LANDSCAPE
Threat Landscape and Norton Risk Mitigation
1 Billion New Pieces of Malware in Less Than 3 Years
• 2014: 317M, up 26% y/y
• 2015: 431M, up 36% y/y
Big Numbers · Emerging Threats · Norton Protection
Digital extortion - Crypto-Ransomware
• Consumer pays $300 on average
• Hospital pays $17000
Spear-phishing
Industry | 2014 | 2015
Fin, Insurance, Real Estate | 18% | 35%
Services | 20% | 22%
Manufacturing | 20% | 14%
Transport, Public Utilities | 11% | 13%
Wholesale Trade | 10% | 9%
Other | 21% | 7%
Mac is not safe either
Malware trends for Mac
• 2010 - 2014: 180
• 2015: 948
World Class Protection
• 63M Users
• 4M Small Businesses
• 6.8M mobile devices
Global Support
• 280 severe security incidents daily
Telemetry & intelligence
• 31 billion + unique URLs
• 1.7 billion web requests
• 25 billion unique executable files
Monitored daily to identify suspicious activity and prevent malicious attacks.
2000 / Today
Antivirus
VISIBLE THREATS (10%)
• Virus & Worms: Email attachments
• Adware, Spyware: Freeware & Non-legitimate Web Sites
Internet Security Solution
INVISIBLE THREATS (90%)
• Phishing: Paypal, eBay, online banking…
• Drive-by download: Popular websites
• SCAM: Phishing scam email, …
Cybercrime: A well-organized and highly lucrative market
90 billion USD per year
Attack → Infection → Theft → Sold → Money
Mobility, new playground for cybercriminals
• “CryptoLocker Ransomware attacks both PC, Android smartphones and tablets”
• “Dendroid virus for Android smartphones”
Android malware trend (June 2012-June 2013)
• The number of threat "families" increased by 69%
• The number of malware has increased by 4
Android ecosystem continues to incubate malware
6.3M Android Apps tracked by Norton Mobile Insight
• Greyware / Madware: 36%
• Malicious: 17%
Copyright © 2015 Symantec Corporation
Malware / Adware
Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user.
Adware, or advertising-supported software, is any software package that automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process. The functions may be designed to analyze which Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there.
Ransomware
Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive.
• Ransomware: Your computer is unusable (but it’s fixable)
• Crypto-Ransomware: Your data is encrypted (possibly for ever!)
Digital Extortion aggressively on the rise. Now also on Smartphones!
45x
Phishing / Smishing (SMS Phishing)
Obtain financial or other confidential information, typically by sending an email or an SMS that looks as if it is from a legitimate organization, but contains a link to a fake website that replicates the real one
• Step 1: Fraudsters usurp an identity and create fraudulent emails. The purpose of the message is to get you to verify your information, under false pretenses, by asking you to "simply" click a link.
• Step 2: This link takes you to a fake web page, where you are asked to fill in various information. You disclose your confidential data without even knowing it.
Anti-Phishing: Block
“Fraudulent” – the site is known as a phishing site
Drive-by Download
Drive-by download means two things, each concerning the unintended download of computer software from the Internet:
• Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet).
• Any download that happens without a person's knowledge, often a computer virus, spyware, malware, or crimeware.
Drive-by downloads may happen when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window.
SCAM - Social Media
A SCAM is an attempt to defraud a person or group after first gaining their confidence, used in the classical sense of trust. Criminals will go wherever there are people to be scammed. There are large numbers of people using well-established social media platforms, and, as such, they play host to plenty of scams.
• Manual Sharing – These rely on victims to actually do the work of sharing the scam by presenting them with intriguing videos, fake offers or messages that they share with their friends.
• Fake Offering – These scams invite social network users to join a fake event or group with incentives such as free gift cards. Joining often requires the user to share credentials with the attacker or send a text to a premium rate number.
• Likejacking – Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, spreading the attack.
• Fake Apps – Users are invited to subscribe to an application that appears to be integrated for use with a social network, but is not as described and may be used to steal credentials or harvest other personal data.
• Comment Jacking – This attack is similar to "Like" jacking: the attacker tricks the user into submitting a comment about a link or site, which will then be posted to his/her wall.
Social Media & SCAM
WHY NORTON
SSL Certificates
• https://www.symantec.com/ssl-certificates/?sl=awareness_ytvideo#overview
Symantec SSL/TLS certificates, formerly by VeriSign, use industry-leading SSL encryption across all products, with various solutions for website and server security. Extended Validation (EV) SSL certificates will increase customers' confidence and help your website reach its full potential. You can compare and buy Symantec SSL Certificates to make sure your customers are safe from search to browse to buy.