SlideShare une entreprise Scribd logo

Cybercriminals and security attacks

GFI Software
GFI Software

This document discusses the top cybersecurity threats facing small and medium-sized businesses. It begins by noting that malware attacks are increasingly common, with over 1 million new malware samples uncovered each month. It then explores the main threats, which include spear phishing scams, poisoned search engine results, keylogging malware, and infected USB drives. The document stresses that layered security is needed to protect against these evolving threats, including antivirus software that can detect new malware quickly and employee education on security best practices.

Technologie
1  sur  5
Télécharger pour lire hors ligne
GFI White Paper Cybercriminals and security attacks: What your business must know Malware attacks have become increasingly prevalent with more than one million unique malware samples uncovered each month.1 And with threats on the rise, businesses are starting to question the capabilities of their security infrastructure.
Contents Introduction 3 What the headlines don’t tell you 3 The malware (r)evolution 3 Spear phishing scams 3 Poisoned searches 3 Keylogging 3 Flash drives and USB sticks 4 Protect your business with layered security 4 About GFI VIPRE® Antivirus Business 4 About GFI 4 Cybercriminals and security attacks: What your business must know 2
This white paper explores today’s top security risks for small and medium-sized businesses (SMBs) and the tools necessary to protect against next-generation malware and cybercrime. What the headlines don’t tell you Citigroup Inc., Sony Corp., Nintendo, PBS and CIA hacks have all made front-page news recently. Despite widespread coverage of these security breaches, many cybercrimes go unreported in an effort to maintain customer confidence and, in the case of publicly traded companies, protect shareholder value. Although most headline-making hacks involve large corporations, cybercrime is a very real and steadily growing threat to SMBs. Cybercriminals target SMBs for several reasons, including monetary gain, to access sensitive data or files, to exploit security weaknesses or just for fun. Cyber attacks are more sophisticated and more targeted than ever. So are the hackers and malware writers getting smarter? Or are anti-malware and endpoint security solutions falling short? It’s a little bit of both. The malware (r)evolution Traditional viruses represent only a fraction of the current threat landscape. Today, the top security risks for SMBs are: Spear phishing scams Targeted email attacks where cybercriminals send fake emails that appear surprisingly authentic. These emails often mimic the look and/or style of communications sent by banks or credit card companies and “phish” for personal information. Oftentimes, spear phishing emails link to malicious websites, where login credentials are stolen, or include malicious attachments, that install malware on end-user machines. Between July and December 2010, the Anti-Phishing Working Group (APWG) identified 67,677 phishing attacks. Based on this, the analysis of cybercriminal activities – including the development of unique malicious websites – and the financial benefits afforded spear phishing scams, the APWG reports these types of threats will continue to grow exponentially. As the number of malicious email scams increase, network security measures must also. Traditional AV spam and virus filters are often ineffective in catching spear phishing attempts. With today’s threat landscape, it’s imperative to choose an antivirus solution that accurately identifies and strips malicious attachments from emails, blocks dangerous URLs and protects users from visiting phishing sites. Employee education is also critical. Poisoned searches An estimated 300+ million people conduct Google searches each day. So it’s no surprise that malware writers have begun to capitalize on search engine results, using current, popular searches to propagate malware. These poisoned searches push bogus URLs to the top of SEO rankings, sending users to sites that host malicious code. SEO poisoning is a popular attack vector that capitalizes on high-searched phrases, such as “free porn,” and high-profile events, such as the “Royal Wedding.” According to the 2010 Websense Threat Report, 22.4 percent of the top 100 Google searches resulted in poisoned URLs, up from 13.7 percent in Q2 of 2009.2 Since poisoned searches have the potential to infect machines or even take down a network, user education is key. Reminding employees to only rely on trusted news sources, type URLs directly into web browsers and to be leery of download prompts may save future headaches. Keylogging Commercial keylogging programs serve valid purposes, such as tracking kids’ computer-related activities or assessing employees’ site visits and online traffic. However, malicious keyloggers do not – operating in stealth mode to grab screenshots, log user activities and gain passwords, financial data and other personal information from machines. 1 AV-TEST Institute, www.av-test.org/en/statistics/malware 2 Websense 2010 Threat Report, www.websense.com/content/threat-report-2010-introduction.aspx Cybercriminals and security attacks: What your business must know 3
The legality of keylogging and other PC monitoring tools is a hotly debated topic. Regardless, IT administrators must be aware of the existence of keyloggers and monitoring apps on their network, authorized or not. If an employee installs these tools without IT’s knowledge, they are exposing the organization to unnecessary risk. Flash drives and USB sticks Flash drives and USB sticks allow employees to transfer documents, data and files to work from home or another offsite location. And while doing so may increase employee productivity, it also puts network security at risk. In a July 2011 report from the Ponemon Institute3 70 percent of companies traced the loss of confidential data to USB sticks. Of that, 55 percent were related to malware attacks. The 2010 Stuxnet worm outbreak is another example of the dangers of USB sticks. This spyware worm spread undetected via infected memory sticks to thousands of machines in the U.S., India, Indonesia and other countries. So how can the convenience of working remotely be achieved while still keeping the network secure? The answer is simple: choose an antivirus solution that scans self-running media, such as USB drives, for malware when a removable device is inserted. Protect your business with layered security Whether your organization has 10 employees, 500 or 50,000, security threats don’t discriminate. To ensure that the latest malware doesn’t wreak havoc on your business, drain user productivity, or take a major hit on IT resources, you must be prepared with the best security solutions available. When it comes to AV software, you need a reliable product that automatically scans for the latest viruses and malware. IT should be able to easily monitor the solution, without worries of false positives or strains on network performance. The right AV product will offer protection against zero-day threats, and will scan emails and URLs for malicious code and attachments. New malware is developed rapidly, and your antivirus solution should update frequently and protect against all threats – from the infection vector to the payload execution. Unfortunately, even the best AV solution cannot always overcome human behavior. Cybercriminals, realizing this, use social engineering techniques to prey on the good, trusting nature of individuals, getting them to click on poisonous URLs and unwittingly open dangerous attachments. Because of this, every business must educate its employees on today’s security threats. About GFI VIPRE® Antivirus Business VIPRE Antivirus Business combines the latest antivirus and anti-spyware detection and removal technologies to protect against next-generation malware threats in a comprehensive and highly efficient manner. Built by IT administrators for IT administrators, VIPRE is easy to install, easy to deploy and easy to manage with minimal network and system performance impact. The solution delivers superior endpoint protection against viruses, worms, spyware, Trojans, bots and rootkits via a single, powerful anti-malware engine and wide range of detection methods, including Cobra™ heuristics for first-level heuristic analysis and Active Protection™ for real- time malware detection inside the Windows kernel. About GFI GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com. 3 “Second Annual Cost of Cyber Crime Study,” July 2011, Ponemon Institute Cybercriminals and security attacks: What your business must know 4
USA, CANADA AND CENTRAL AND SOUTH AMERICA GFI 2011 Nov01 33 North Garden Ave, Suite 1200, Clearwater, FL USA Telephone: +1 (888) 688-8457 Fax: +1 (727) 562-5199 ussales@gfi.com 15300 Weston Parkway, Suite 104, Cary, NC 27513, USA Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 ussales@gfi.com UK AND REPUBLIC OF IRELAND Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 sales@gfi.co.uk EUROPE, MIDDLE EAST AND AFRICA GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: +356 2205 2000 Fax: +356 2138 2419 sales@gfi.com AUSTRALIA AND NEW ZEALAND 83 King William Road, Unley 5061, South Australia Telephone: +61 8 8273 3000 Fax: +61 8 8273 3099 sales@gfiap.com For a full list of GFI offices/contact details worldwide, please visit http://www.gfi.com/contactus Disclaimer © 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out- of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.

Recommandé

Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Kim Jensen
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016Nathan CAVRIL
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking SectorQuick Heal Technologies Ltd.
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
NATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsNATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsBenjamin Rohé
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017IBM Security
 

Recommandé

Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Kim Jensen
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016Nathan CAVRIL
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking SectorQuick Heal Technologies Ltd.
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
NATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsNATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsBenjamin Rohé
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017IBM Security
 
Watch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaWatch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaSylCotter
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Security/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceSecurity/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceAdvanced Technology Consulting (ATC)
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...Symantec
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-finalMarco Morana
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success media and technology pvt ltd
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 
Security And Privacy Cagliari 2012
Security And Privacy Cagliari 2012Security And Privacy Cagliari 2012
Security And Privacy Cagliari 2012Marco Morana
 
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response PlanningPECB
 
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Advanced monitoring
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonUlf Mattsson
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineRapidSSLOnline.com
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
Perimeter Security is Failing
Perimeter Security is FailingPerimeter Security is Failing
Perimeter Security is FailingUL Transaction Security
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - CybersecurityAbhilashYadav14
 
Greylisting
GreylistingGreylisting
GreylistingGFI Software
 
Antivirus Scanning Performance and System Resource Utilization Comparison
Antivirus Scanning Performance and System Resource Utilization ComparisonAntivirus Scanning Performance and System Resource Utilization Comparison
Antivirus Scanning Performance and System Resource Utilization ComparisonGFI Software
 

Contenu connexe

Tendances

Watch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaWatch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaSylCotter
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...Symantec
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-finalMarco Morana
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 
Security And Privacy Cagliari 2012
Security And Privacy Cagliari 2012Security And Privacy Cagliari 2012
Security And Privacy Cagliari 2012Marco Morana
 
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response PlanningPECB
 
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Advanced monitoring
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonUlf Mattsson
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineRapidSSLOnline.com
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - CybersecurityAbhilashYadav14
 

Tendances (20)

Watch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaWatch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)Dna
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
Security/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceSecurity/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and Compliance
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0
 
Security And Privacy Cagliari 2012
Security And Privacy Cagliari 2012Security And Privacy Cagliari 2012
Security And Privacy Cagliari 2012
 
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response Planning
 
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattsson
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnline
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
 
Perimeter Security is Failing
Perimeter Security is FailingPerimeter Security is Failing
Perimeter Security is Failing
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
 

En vedette

Antivirus Scanning Performance and System Resource Utilization Comparison
Antivirus Scanning Performance and System Resource Utilization ComparisonAntivirus Scanning Performance and System Resource Utilization Comparison
Antivirus Scanning Performance and System Resource Utilization ComparisonGFI Software
 
Why You Need an Email Exploit Detection Engine
Why You Need an Email Exploit Detection EngineWhy You Need an Email Exploit Detection Engine
Why You Need an Email Exploit Detection EngineGFI Software
 
How to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerHow to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerGFI Software
 
GFI MailSecurity's Deployment Strategies
GFI MailSecurity's Deployment StrategiesGFI MailSecurity's Deployment Strategies
GFI MailSecurity's Deployment StrategiesGFI Software
 

En vedette (6)

Greylisting
GreylistingGreylisting
Greylisting
 
Antivirus Scanning Performance and System Resource Utilization Comparison
Antivirus Scanning Performance and System Resource Utilization ComparisonAntivirus Scanning Performance and System Resource Utilization Comparison
Antivirus Scanning Performance and System Resource Utilization Comparison
 
Why You Need an Email Exploit Detection Engine
Why You Need an Email Exploit Detection EngineWhy You Need an Email Exploit Detection Engine
Why You Need an Email Exploit Detection Engine
 
How to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerHow to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManager
 
Data Backups
Data BackupsData Backups
Data Backups
 
GFI MailSecurity's Deployment Strategies
GFI MailSecurity's Deployment StrategiesGFI MailSecurity's Deployment Strategies
GFI MailSecurity's Deployment Strategies
 

Similaire à Cybercriminals and security attacks

Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catchiYogi
 
BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023CBIZ, Inc.
 
2021 Cybersecurity Recap: How Did We Fare Last Year?
2021 Cybersecurity Recap: How Did We Fare Last Year? 2021 Cybersecurity Recap: How Did We Fare Last Year?
2021 Cybersecurity Recap: How Did We Fare Last Year? XNSPY
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Most Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesMost Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesBryTech INC
 
Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023K7 Computing Pvt Ltd
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?TechSoup
 
Introduction to MicroSolved, Inc.
Introduction to MicroSolved, Inc.Introduction to MicroSolved, Inc.
Introduction to MicroSolved, Inc.MRMaguire
 
Hackers don’t discriminate
Hackers don’t discriminateHackers don’t discriminate
Hackers don’t discriminateGFI Software
 
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...IRJET Journal
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowShantam Goel
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016Core Security
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Security
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfInfinityGroup5
 

Similaire à Cybercriminals and security attacks (20)

Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
Cyber security
Cyber securityCyber security
Cyber security
 
8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch
 
BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023
 
2021 Cybersecurity Recap: How Did We Fare Last Year?
2021 Cybersecurity Recap: How Did We Fare Last Year? 2021 Cybersecurity Recap: How Did We Fare Last Year?
2021 Cybersecurity Recap: How Did We Fare Last Year?
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Most Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesMost Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling Enterprises
 
Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
 
Introduction to MicroSolved, Inc.
Introduction to MicroSolved, Inc.Introduction to MicroSolved, Inc.
Introduction to MicroSolved, Inc.
 
Hackers don’t discriminate
Hackers don’t discriminateHackers don’t discriminate
Hackers don’t discriminate
 
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To Know
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016
 
10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion Guide
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
 

Plus de GFI Software

Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013GFI Software
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesGFI Software
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data BackupsGFI Software
 
Master Class Series
Master Class SeriesMaster Class Series
Master Class SeriesGFI Software
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability ManagementGFI Software
 
Deploying GFI EventsManager™
Deploying GFI EventsManager™Deploying GFI EventsManager™
Deploying GFI EventsManager™GFI Software
 
How to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementHow to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementGFI Software
 
Email Security Solutions
Email Security SolutionsEmail Security Solutions
Email Security SolutionsGFI Software
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web SecurityGFI Software
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkGFI Software
 
How to Block NDR Spam
How to Block NDR SpamHow to Block NDR Spam
How to Block NDR SpamGFI Software
 
How to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productHow to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productGFI Software
 
Binary translation
Binary translationBinary translation
Binary translationGFI Software
 

Plus de GFI Software (20)

Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid Technology
 
Email Continuity
Email ContinuityEmail Continuity
Email Continuity
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data Backups
 
Master Class Series
Master Class SeriesMaster Class Series
Master Class Series
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBs
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Deploying GFI EventsManager™
Deploying GFI EventsManager™Deploying GFI EventsManager™
Deploying GFI EventsManager™
 
How to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementHow to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log Management
 
Email Security Solutions
Email Security SolutionsEmail Security Solutions
Email Security Solutions
 
Maxmp greylisting
Maxmp greylistingMaxmp greylisting
Maxmp greylisting
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web Security
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your Network
 
How to Block NDR Spam
How to Block NDR SpamHow to Block NDR Spam
How to Block NDR Spam
 
How to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productHow to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware product
 
Email Continuity
Email ContinuityEmail Continuity
Email Continuity
 
Binary translation
Binary translationBinary translation
Binary translation
 
Stopping Malware
Stopping MalwareStopping Malware
Stopping Malware
 

Dernier

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Dernier (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Cybercriminals and security attacks

  • 1. GFI White Paper Cybercriminals and security attacks: What your business must know Malware attacks have become increasingly prevalent with more than one million unique malware samples uncovered each month.1 And with threats on the rise, businesses are starting to question the capabilities of their security infrastructure.
  • 2. Contents Introduction 3 What the headlines don’t tell you 3 The malware (r)evolution 3 Spear phishing scams 3 Poisoned searches 3 Keylogging 3 Flash drives and USB sticks 4 Protect your business with layered security 4 About GFI VIPRE® Antivirus Business 4 About GFI 4 Cybercriminals and security attacks: What your business must know 2
  • 3. This white paper explores today’s top security risks for small and medium-sized businesses (SMBs) and the tools necessary to protect against next-generation malware and cybercrime. What the headlines don’t tell you Citigroup Inc., Sony Corp., Nintendo, PBS and CIA hacks have all made front-page news recently. Despite widespread coverage of these security breaches, many cybercrimes go unreported in an effort to maintain customer confidence and, in the case of publicly traded companies, protect shareholder value. Although most headline-making hacks involve large corporations, cybercrime is a very real and steadily growing threat to SMBs. Cybercriminals target SMBs for several reasons, including monetary gain, to access sensitive data or files, to exploit security weaknesses or just for fun. Cyber attacks are more sophisticated and more targeted than ever. So are the hackers and malware writers getting smarter? Or are anti-malware and endpoint security solutions falling short? It’s a little bit of both. The malware (r)evolution Traditional viruses represent only a fraction of the current threat landscape. Today, the top security risks for SMBs are: Spear phishing scams Targeted email attacks where cybercriminals send fake emails that appear surprisingly authentic. These emails often mimic the look and/or style of communications sent by banks or credit card companies and “phish” for personal information. Oftentimes, spear phishing emails link to malicious websites, where login credentials are stolen, or include malicious attachments, that install malware on end-user machines. Between July and December 2010, the Anti-Phishing Working Group (APWG) identified 67,677 phishing attacks. Based on this, the analysis of cybercriminal activities – including the development of unique malicious websites – and the financial benefits afforded spear phishing scams, the APWG reports these types of threats will continue to grow exponentially. As the number of malicious email scams increase, network security measures must also. Traditional AV spam and virus filters are often ineffective in catching spear phishing attempts. With today’s threat landscape, it’s imperative to choose an antivirus solution that accurately identifies and strips malicious attachments from emails, blocks dangerous URLs and protects users from visiting phishing sites. Employee education is also critical. Poisoned searches An estimated 300+ million people conduct Google searches each day. So it’s no surprise that malware writers have begun to capitalize on search engine results, using current, popular searches to propagate malware. These poisoned searches push bogus URLs to the top of SEO rankings, sending users to sites that host malicious code. SEO poisoning is a popular attack vector that capitalizes on high-searched phrases, such as “free porn,” and high-profile events, such as the “Royal Wedding.” According to the 2010 Websense Threat Report, 22.4 percent of the top 100 Google searches resulted in poisoned URLs, up from 13.7 percent in Q2 of 2009.2 Since poisoned searches have the potential to infect machines or even take down a network, user education is key. Reminding employees to only rely on trusted news sources, type URLs directly into web browsers and to be leery of download prompts may save future headaches. Keylogging Commercial keylogging programs serve valid purposes, such as tracking kids’ computer-related activities or assessing employees’ site visits and online traffic. However, malicious keyloggers do not – operating in stealth mode to grab screenshots, log user activities and gain passwords, financial data and other personal information from machines. 1 AV-TEST Institute, www.av-test.org/en/statistics/malware 2 Websense 2010 Threat Report, www.websense.com/content/threat-report-2010-introduction.aspx Cybercriminals and security attacks: What your business must know 3
  • 4. The legality of keylogging and other PC monitoring tools is a hotly debated topic. Regardless, IT administrators must be aware of the existence of keyloggers and monitoring apps on their network, authorized or not. If an employee installs these tools without IT’s knowledge, they are exposing the organization to unnecessary risk. Flash drives and USB sticks Flash drives and USB sticks allow employees to transfer documents, data and files to work from home or another offsite location. And while doing so may increase employee productivity, it also puts network security at risk. In a July 2011 report from the Ponemon Institute3 70 percent of companies traced the loss of confidential data to USB sticks. Of that, 55 percent were related to malware attacks. The 2010 Stuxnet worm outbreak is another example of the dangers of USB sticks. This spyware worm spread undetected via infected memory sticks to thousands of machines in the U.S., India, Indonesia and other countries. So how can the convenience of working remotely be achieved while still keeping the network secure? The answer is simple: choose an antivirus solution that scans self-running media, such as USB drives, for malware when a removable device is inserted. Protect your business with layered security Whether your organization has 10 employees, 500 or 50,000, security threats don’t discriminate. To ensure that the latest malware doesn’t wreak havoc on your business, drain user productivity, or take a major hit on IT resources, you must be prepared with the best security solutions available. When it comes to AV software, you need a reliable product that automatically scans for the latest viruses and malware. IT should be able to easily monitor the solution, without worries of false positives or strains on network performance. The right AV product will offer protection against zero-day threats, and will scan emails and URLs for malicious code and attachments. New malware is developed rapidly, and your antivirus solution should update frequently and protect against all threats – from the infection vector to the payload execution. Unfortunately, even the best AV solution cannot always overcome human behavior. Cybercriminals, realizing this, use social engineering techniques to prey on the good, trusting nature of individuals, getting them to click on poisonous URLs and unwittingly open dangerous attachments. Because of this, every business must educate its employees on today’s security threats. About GFI VIPRE® Antivirus Business VIPRE Antivirus Business combines the latest antivirus and anti-spyware detection and removal technologies to protect against next-generation malware threats in a comprehensive and highly efficient manner. Built by IT administrators for IT administrators, VIPRE is easy to install, easy to deploy and easy to manage with minimal network and system performance impact. The solution delivers superior endpoint protection against viruses, worms, spyware, Trojans, bots and rootkits via a single, powerful anti-malware engine and wide range of detection methods, including Cobra™ heuristics for first-level heuristic analysis and Active Protection™ for real- time malware detection inside the Windows kernel. About GFI GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com. 3 “Second Annual Cost of Cyber Crime Study,” July 2011, Ponemon Institute Cybercriminals and security attacks: What your business must know 4
  • 5. USA, CANADA AND CENTRAL AND SOUTH AMERICA GFI 2011 Nov01 33 North Garden Ave, Suite 1200, Clearwater, FL USA Telephone: +1 (888) 688-8457 Fax: +1 (727) 562-5199 ussales@gfi.com 15300 Weston Parkway, Suite 104, Cary, NC 27513, USA Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 ussales@gfi.com UK AND REPUBLIC OF IRELAND Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 sales@gfi.co.uk EUROPE, MIDDLE EAST AND AFRICA GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: +356 2205 2000 Fax: +356 2138 2419 sales@gfi.com AUSTRALIA AND NEW ZEALAND 83 King William Road, Unley 5061, South Australia Telephone: +61 8 8273 3000 Fax: +61 8 8273 3099 sales@gfiap.com For a full list of GFI offices/contact details worldwide, please visit http://www.gfi.com/contactus Disclaimer © 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out- of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.