Security firm Symantec’s 2016 Internet Security Threat Report has revealed some startlingly ominous statistics about the increased threat faced by businesses with websites and online applications. Although it makes for grim reading, it makes absolutely clear to webmasters the need to be vigilant and thoroughly proactive when it comes to security. If you feel you may have been a little complacent in the past, the points below might just make you a little more cautious.
125% increase in zero-day vulnerabilities
For those who aren’t familiar with the term, a zero-day vulnerability is a security hole in software that its developer does not know about. When this happens, the software can be hacked before the developers become aware, leaving it open to mass exploitation before a patch can be created to fix it.
These types of vulnerability are extremely dangerous, as hackers have the potential to do untold damage to millions of users before the vulnerability comes to light. In 2015, there were 54 zero-day vulnerabilities discovered, a 125% increase on 2014. With a new zero-day security hole appearing every week, hackers are having a field day, because once a developer has created a patch for one hole, the hackers can simply move on to the next piece of vulnerable software.
According to Symantec, the two most vulnerable pieces of software in 2015 were Internet Explorer and Adobe Flash, both of which are used by many millions of businesses and private individuals. Aside from uninstalling the software, there is nothing a user can do to protect themselves until a patch is created. Once it is, it is essential that the update is applied without delay.
Huge increase in loss of personal data
For those companies that have been complacent about their compliance, the figures revealed in the 2016 report show an ever-increasing need to remain vigilant about the loss and theft of personal data.
Symantec’s report tells us that 429 million personal records were lost or stolen last year, a jump of almost a quarter on 2014. However, this is just the tip of the iceberg: the negative publicity that companies get following a data breach (think Ashley Madison and TalkTalk) has resulted in 85% of businesses failing to report the number of records lost during a breach. With this taken into account, Symantec reckons there were well over half a billion data records lost.
The implications for businesses are clear: you need to put ever more robust security measures in place to protect your data, including better policies, access controls, two-step authentication, stronger passwords, data encryption and intrusion prevention.
Major security weaknesses in 75% of websites
The failure of webmasters to thoroughly patch security weaknesses means that three-quarters of legitimate websites leave businesses and their customers vulnerable to attack or infection. In 2015, according to Symantec, over a million people’s computers and devices were attacked – every day!
They go on to add that 15% of websites have critical vulnerabilities, where security is so poor that cybercriminals can gain control with little effort and exploit the site for their own purposes. In the words of Symantec itself, “It’s time for website administrators to step up and address the risks more aggressively.”
55% increase in spear phishing targeting employees
Spear phishing is a well-established form of email scam where people receive emails purporting to be from people they know or organisations they have dealings with. These emails often contain credible information which misleads the receiver into believing them to be genuine; because of this, they unwittingly give away information the hacker needs to commit cybercrime.
Last year saw a 55% increase in the use of spear phishing attacks, and 43% of these were aimed at small businesses. One of the important conclusions from Symantec’s findings is the need for businesses to have robust policies and regular staff training on phishing. The reason is that when an employee at a company succumbed to a phishing attack, the usual result was an increase in the number of attacks on that company. Larger companies were more at risk of repeated attacks, and these resulted in an average of 3.6 people per business falling foul of the scam and giving away important information.
Surprisingly, Symantec discovered that spear phishing was not just used by your archetypal cybercriminal, but was also employed by unscrupulous competitors undertaking industrial espionage and by foreign countries on state-sponsored hacks.
Ransomware increased 35% and spread to new territories
Ransomware is an easy way for hackers to make big profits. If you unwittingly install it on your computer, the computer is locked until you pay the ransom, and the longer you take to pay, the more you will be charged. It has proved so effective that incidents have increased by 35% over the last year.
However, that is not the only development. For the first time, the old-style screen-lock version of ransomware has been overtaken by the more pervasive encryption-lock version, which is much more difficult to get rid of without paying the ransom. In addition, its success with PCs has led to programmers making versions which now work on Mac, Linux and smartphones. Symantec has also proved it can be used on smartwatches, and if this is possible, the potential for it being used to ransom any Internet of Things device is certainly something that will trouble IoT developers in the future.
For businesses and other organisations, the cost of ransomware can be very high. One hospital in California recently had to pay $17,000 for access to its server. Indeed, the downing of mission-critical apps whilst you pay the ransom could lose you more in business than the cost of the ransom itself.
Rise in fake technical support scams
Lots of people have experienced those phone calls where someone rings up telling you, “I’m from the technical department, there’s a problem with your computer.” Whilst the vast majority of people know to put the phone down, these scams are on the increase. These days, the main way these scams operate is by using a popup on the computer screen to tell you that there is an urgent problem and then give you a free phone number where you can get help. Of course, what they really want is personal data and login information. Symantec blocked over 100 million of these popup attacks last year, so when you take the other antivirus software providers into account, the number of attacks taking place must be huge.
Again, the message to businesses is to make sure that you have antivirus and surfing protection software installed to block the popups and that your employees are well trained on what to do if these kinds of scams appear on their computers.
Once again, Symantec’s annual report shows how cybercriminals are increasing the numbers of attacks against businesses, stealing growing amounts of personal data and finding new and more sophisticated ways to exploit vulnerabilities in systems, software and people’s behaviour. If an attack against your business is successful, the consequences can be dire: financial loss, reputational damage, lawsuits and more.
To protect your company, make sure security is at the heart of your operations and that your web host provides you with the most up-to-date security solutions.
eUKhost provides a wide range of effective security measures to protect our clients, including SSL, website backup, SpamExperts email protection, site monitoring and intrusion protection, Mtvscan vulnerability scanning, 24×7 support staff and Fortigate firewalls.
If you are concerned about your organisation’s website security or want to know how eUKhost can protect your organisation, get in touch on 0800 862 0380.