SlideShare une entreprise Scribd logo

Symantec & WSJ PRESENTS "MALWARE on Main Street" ...

MZERMA Amine
MZERMA Amine

SPECIAL REPORT : SECURE BUSINESS ... How-to avoid being hostage of ransomware attacks ? How-to preserve collaborators work, identities, access ? "WHY CYBER PROTECTION CAN'T WAIT ?!" This SPECIAL report from our Partner SYMANTEC, realized in collaboration with WSJ CUSTOM Studios is really a NEED to Read for ALL Executives, Leaders, Influencers, Owners, Admins, ...

Business
1  sur  12
Télécharger pour lire hors ligne
IN COLLABORATION WITH Malware on Main Street: Why Cyberthieves Increasingly Target Small Firms WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content.
TABLE OF CONTENTS Introduction 3 Thieves Get Personal 4 Key Cyberprotection Steps For Small Business 7 Why Cyberprotection Can’t Wait 11
When cybercriminals set out to steal data from one of America’s largest retailers in 2013, they did not attack the company directly. Instead, they sent malware-laced emails to employees of a small mechanical contractor that had access to the retailer’s network for billing. When the emails were opened, the malware evaded the small company’s anti-malware software—reportedly a free edition intended for personal use—allowing the hackers to install a password-stealing program on the small company’s computer. The program captured the usernames and passwords that were issued to the small company and the hackers used them to gain access to the large retailer’s network. Once in the network, they inserted malicious software that made its way to cash registers, capturing more than 40 million credit- and debit-card records. This theft was the largest, most high-profile data breach in U.S. history. It also exposed a growing and serious threat: Cybercriminals are increasingly targeting small companies using sophisticated, highly customized techniques in order to gain access to the data troves of their customers and vendors. “There are more attack campaigns being targeted to small and medium businesses than ever before,” says Kevin Haley, Director of the Security Response Team at Symantec Corporation. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. INTRODUCTION 3
THIEVES GET PERSONAL While small companies have long been vulnerable to cyberattacks and data breaches, thieves have gotten savvier about compromising and breaking into their systems, Haley says. They extensively research their target companies and design highly personalized attacks that con business owners, executives, and employees into providing access to sensitive data. They view small companies as easier targets than large companies because small firms often lack the sophisticated alert systems and other internal procedures designed to fend off attacks. Techniques that thieves increasingly use against small businesses include: Sending personalized phishing emails. “Spear-phishing” is when cybercriminals send personalized emails that present themselves as legitimate people seeking specific information, whether a business’s credit-card number or network logon credentials. If an email recipient provides such information, the criminal can use it to break into a network or perpetrate identity theft. The emails also often contain links to websites that, if clicked, will download malware to the recipient’s computer, potentially infecting the company’s entire network as well as the networks of its vendors and customers. According to the Symantec Internet Security Threat Report 2014, spear-phishing attacks increased 91% between 2013 and 2014. The study also found that attacks aimed at businesses with 250 or fewer employees accounted for 30% of targeted spear-phishing. Haley warns that attackers “are being very selective” and, rather than sending mass phishing emails to large numbers of people, are personalizing emails to make them appear more authentic and safe. WSJ. Custom Studios ©2014 According to the Symantec Internet Security Threat Report 2014, spear- phishing attacks increased 91% between 2013 and 2014. The Wall Street Journal news organization was not involved in the creation of this content. 4
Charles Tendell, CEO of Azorian Cyber Security, a Denver-based consulting firm, says cybercriminals often mine social media for personal information that can be used to cause email recipients to relax their vigilance and increase the odds they will hand over sensitive information. Even a Facebook page in which an employee discusses his or her hobbies or leisure activities can help a thief write an email that seems trustworthy, he says. Identifying new loopholes. The highly publicized 2014 Heartbleed bug exposed massive amounts of data stored on web servers, including many passwords, by taking advantage of a security flaw in the commonly used encryption standard OpenSSL. An estimated 17% of all web servers were vulnerable to the bug. Security loopholes like Heartbleed are called “zero- day” vulnerabilities because they become public before software makers are aware of them, giving them no time to prepare patches before the bug could cause problems. Small companies with internal servers are most at risk of such bugs because they are less likely than large companies to apply preventative patches in a timely manner, security experts say. And zero-day threats are increasing as cyberthieves become better at finding them, Haley says. In 2013, 23 new zero-day vulnerabilities emerged, twice as many as in the prevous year. “I don’t expect these numbers to go back down in the next year or so,” he adds. Holding networks hostage. An even faster-growing threat to small companies is “ransomware,” a type of malware that renders a computer system useless without a password. After a system is disabled by the malware, a hacker demands a ran- som in exchange for allowing employees to regain access to the system. Ransomware attacks grew 500% in 2013, Symantec’s threat study found. Haley says these attacks have become more malicious because attackers have gotten better at disguising ransomware as legitimate email attachments and get business owners or employees to download it unknowingly. A particularly vicious and well-known form of ransomware called “CryptoLocker” encrypts files on victims’ computers until Ransomware attacks grew 500% in 2013, Symantec’s threat study found. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. 5
they pay for a password key. Without the password, it is im- possible to recover their files. The U.S. Department of Justice reported that CryptoLocker had infected more than 234,000 computers as of April 2014—half in the United States—and each victim was forced to pay up to $700 or more for keys in order to regain access to his or her files. The department cited one estimate that more than $27 million in ransom payments were made in the first two months since the malware appeared. Hiding malware on reputable websites. “Wa- tering hole” attacks are another form of cyber- crime that has grown quickly. Thieves exploit vulnerabilities in legitimate, but poorly protected, websites and automatically download malware on visitors’ com- puters. Symantec’s study found that 77% of legitimate websites had exploitable vulnerabilities. Compromising POS systems. Attacks on point-of-sale systems have grown rapidly, in part because they provide thieves with direct access to payment-card data. They may involve sev- eral techniques, often starting with spear-phishing, with the ultimate goal of accessing corporate networks and installing data-stealing malware. The results can be lucrative for thieves and incredibly costly to the business. Last year, it was reported that a specific type of emerging malware called POSCLOUD was being used to target cloud-based POS software often used by small retailers. The malware logs users’ keystrokes and grabs screenshots to monitor customer flow and steal personal data. Targeting personal devices. As many small companies allow employees to use their personal devices—including smartphones, tablet computers, and laptops—for work, thieves are getting sav- vier about designing attacks specifically geared toward using less-secure personal devices as a way to break into small busi- nesses’ networks and systems. Many employees use personal devices to store work information or check and send emails. Many small companies don’t adequately protect themselves against these risks until it’s too late. That’s partly due to lack of awareness of the risks, but also because they wrongly believe that reliable cyberprotection is expensive or time-consuming. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. 6
KEY CYBERPROTECTION STEPS FOR SMALL BUSINESS Despite the growing risks to small firms, cyberprotection does not have to be time-consuming or costly. In fact, many times the simplest measures are the most effective. “Cybersecurity cannot make you perfectly secure,” Azorian Cyber Security’s Tendell says. “But it’s going to make you a much harder target than the business next door that doesn’t have anything.” Here are several ways security experts say small businesses and their IT managers can better protect themselves: Educate Employees One of the most effective cybersafety measures is educating employees on key risks and how to avoid them. This includes in- structing them to not hand over sensitive business information, such as account numbers and passwords via email, or clicking on links in emails from unknown senders. Creating a written cybersecurity policy can help enforce rules and provide information to help employees prevent data loss. For example, requiring employees to use hard-to-crack passwords with multiple symbols and numbers on all employer- issued and personal computers and devices used for work can prevent hackers from breaking into key accounts. The business should also consider enacting a policy for cloud-based solutions that allows for the storage and sharing of information online, and employees should be made aware of the risks of using unapproved software or services and freeware. The company can steer employees toward safe software and services by providing IT-approved solutions. This policy should allow only essential employees access to sensitive data, such as customer networks. Emphasis should WSJ. Custom Studios ©2014 Creating a written cybersecurity policy can help enforce rules and provide information to help employees prevent data loss. The Wall Street Journal news organization was not involved in the creation of this content. 7
be placed on employees most likely to be targeted: According to the Symantec threat report, executive assistants, public rela- tions managers, and senior managers, are most at risk. Back Up Data Regularly Instituting a formal data backup procedure can prevent the business from becoming completely disabled by a cyberattack, particularly from ransomware that locks employees out of the system. Much of today’s most sophisticated ransomware is unbreakable, even by skilled forensic experts, Tendell says. Backing up data on a regular schedule, at least weekly, also helps shield against data loss due to a natural disaster, fire, hardware failure, or accidents. Accidental data loss is a major risk that many small businesses aren’t prepared for, according to Symantec’s Haley. The 2014 Symantec threat report found that 56% of all data loss resulted from accidents, such as smartphones or laptops left in taxis. “While we need to be concerned about breaches, we can’t neglect data that is accidentally lost,” he says. Keep Security Patches Up-To-Date A business that outsources its website hosting to a large domestic provider may not have to worry about updating patches, as the hosting company often handles that task, Tendell says. Smaller or very low-cost overseas web-hosting providers, however, may be less reliable. Companies that use third-party hosting services should avoid sharing their physical server with other websites. Those who host their own sites should make sure all security patches are routinely checked and updated. Attackers don’t stop exploiting small businesses just because a patch is available. In fact, they prey on businesses that don’t take immediate action to apply updates. The 2014 Symantec threat report found that 56% of all data loss resulted from accidents, such as smartphones or laptops left in taxis. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. 8
Deploy a Robust Cyberprotection Solution Today’s most comprehensive cyberprotection solutions can pro- vide a small business with robust coverage at a cost-effective price. When choosing a solution, the company’s IT professional should ensure that it provides continuous, always-on coverage— meaning it protects the business around-the-clock and provides a real-time shield against emerging cybersecurity risks. Given the serious and growing threat of disguised malware attacks, the cyberprotection solution should be able to identi- fy potential malware before employees click on infected links or unknowingly download malware on their devices. It should provide timely alerts of needed security-patch updates. Today’s leading cyberprotection solutions designed for small compa- nies can detect spyware and malware in real time as employees browse the Internet. It also can identify potentially dangerous websites in online search results before an employee clicks on them and protect against potential attacks when employees are working on public Wi-Fi networks, whether at the airport or a coffee shop. Small companies may be tempted to try to save money by rely- ing on consumer-grade cyberprotection software they can get for free. However, free versions often lack the most advanced and up-to-date features necessary for warding off today’s rap- idly evolving threats. For example, a free anti-malware program that only provides on-demand scanning of a single system does not provide nearly as much protection as one that constantly scans incoming files for signs of dangerous software. Many free cybersecurity software programs are intended for personal use only and not designed for the more sophisticated needs of businesses. Customer support on free software is A free anti-malware program that only provides on-demand scanning of a single system does not provide nearly as much protection as one that constantly scans incoming files for signs of dangerous software. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. 9
often very limited or even nonexistent—a major concern if a problem or attack occurs. Free solutions also may not keep up with the ever-changing cyberthreat landscape. Cyberprotection programs designed specifically for small busi- nesses can be easily managed by a one-person IT department or even a part-time IT consultant. Programs that can be ac- cessed via the cloud (the Internet) allow a small business to easily and quickly set up protection for new devices and em- ployees as it grows. Another piece of good news: Even as small businesses’ cyber-risks grow, comprehensive protection has become far more affordable. “Stuff that when I started in IT was only available for enterprises is now available for small- to medium-sized businesses at very reasonable cost,” says Jerod Powell, president of InfinIT Consulting, a San Jose-based chain of small business IT consulting firms. Powell says when security is applied holistically—including setting up network firewalls and data-encrypting employees’ laptops—it can provide very strong protection. Many free cybersecurity software programs are intended for personal use only and not designed for the more sophisticated needs of businesses. The Wall Street Journal news organization was not involved in the creation of this content. WSJ. Custom Studios ©2014 10
WHY CYBERPROTECTION CAN’T WAIT Cyberattacks are only getting more sophisticated and harder to detect. As cyberthieves get savvier, businesses and their IT professionals must work hard to keep pace with the ever- changing threat landscape. Not too long ago, it would have seemed unlikely that a small mechanical contractor could unwittingly provide entry into a major corporation’s customer billing records. Today, such events make headlines regularly. Taking the right protective measures, including enacting cybersecurity policies and employee training and using the right solutions, can reduce much of today’s risk. Cloud-based cyberprotection solutions can offer greater security because they provide always-on coverage and automatically update to ensure a small company is protected against the latest risks. As cyberthieves around the world work hard to create more personalized, savvier attacks against small businesses, it’s more critical than ever that businesses are prepared. WSJ. Custom Studios ©2014 Not too long ago, it would have seemed unlikely that a small mechanical contractor could unwittingly provide entry into a major corporation’s customer billing records. Today, such events make headlines regularly. The Wall Street Journal news organization was not involved in the creation of this content. 11
IN COLLABORATION WITH The Wall Street Journal news organization was not involved in the creation of this content NEW YORK 1155 Avenue of the Americas 5th Floor New York, NY 10036 LONDON 222 Grays Inn Road London WC1X 8HB United Kingdom HONG KONG 25/F, Central Plaza 18 Harbour Road Wanchai Hong Kong Robin Riddle, Global Publisher 212-659-2492 Robin.Riddle@wsj.com www.wsjcustomstudios.com This work was commissioned by Symantec. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 www.Symantec.com WSJ. Custom Studios The most trusted news source in the world is now creating best-in-class branded content solutions across all platforms, globally. WSJ. Custom Studios, the content marketing division of The Wall Street Journal, partners with marketers to create innovative solutions that inform, inspire and engage the most powerful audience in the world. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content.

Recommandé

W verb68
W verb68W verb68
W verb68James1280
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usКомсс Файквэе
 
Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Ainsha Noordin (Umie)
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103Jack McCullough
 

Recommandé

W verb68
W verb68W verb68
W verb68James1280
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usКомсс Файквэе
 
Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Ainsha Noordin (Umie)
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103Jack McCullough
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015RapidSSLOnline.com
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
Top 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in BankingTop 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in BankingSeqrite
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industrySeqrite
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for LawyersMark Lanterman
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh WebinarArrow ECS UK
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the worldSeqrite
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Securitykailash shaw
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET Journal
 
Top 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustryTop 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustrySeqrite
 
Information security
Information securityInformation security
Information securityLaxmiprasad Bansod
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public SectorSeqrite
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss PreventionSeqrite
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...IJECEIAES
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
 
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftCybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftIntellias
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenProtecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenCMR WORLD TECH
 
Cybersecurity a short business guide
Cybersecurity a short business guideCybersecurity a short business guide
Cybersecurity a short business guidelarry1401
 

Contenu connexe

Tendances

Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015RapidSSLOnline.com
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
Top 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in BankingTop 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in BankingSeqrite
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industrySeqrite
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for LawyersMark Lanterman
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh WebinarArrow ECS UK
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the worldSeqrite
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Securitykailash shaw
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET Journal
 
Top 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustryTop 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustrySeqrite
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public SectorSeqrite
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss PreventionSeqrite
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...IJECEIAES
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
 
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftCybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftIntellias
 

Tendances (20)

Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
 
Top 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in BankingTop 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in Banking
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industry
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for Lawyers
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh Webinar
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 
Top 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustryTop 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail Industry
 
Information security
Information securityInformation security
Information security
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on Cybersecurity
 
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftCybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutions
 

Similaire à Symantec & WSJ PRESENTS "MALWARE on Main Street" ...

Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenProtecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenCMR WORLD TECH
 
Cybersecurity a short business guide
Cybersecurity a short business guideCybersecurity a short business guide
Cybersecurity a short business guidelarry1401
 
7 Types of Cyber Security Threats | The Lifesciences Magazine
7 Types of Cyber Security Threats | The Lifesciences Magazine7 Types of Cyber Security Threats | The Lifesciences Magazine
7 Types of Cyber Security Threats | The Lifesciences MagazineThe Lifesciences Magazine
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrimethinkwithniche
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docxsaivarun91
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
Learn About Social Engineering Services - Aardwolf Security
Learn About Social Engineering Services - Aardwolf SecurityLearn About Social Engineering Services - Aardwolf Security
Learn About Social Engineering Services - Aardwolf SecurityAardwolf Security
 
NYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-SecurityNYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-SecurityOndrej Krehel
 

Similaire à Symantec & WSJ PRESENTS "MALWARE on Main Street" ... (20)

Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenProtecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
 
Cybersecurity a short business guide
Cybersecurity a short business guideCybersecurity a short business guide
Cybersecurity a short business guide
 
7 Types of Cyber Security Threats | The Lifesciences Magazine
7 Types of Cyber Security Threats | The Lifesciences Magazine7 Types of Cyber Security Threats | The Lifesciences Magazine
7 Types of Cyber Security Threats | The Lifesciences Magazine
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrime
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from Thawte
 
Data security
Data security Data security
Data security
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docx
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-Security
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215
 
Learn About Social Engineering Services - Aardwolf Security
Learn About Social Engineering Services - Aardwolf SecurityLearn About Social Engineering Services - Aardwolf Security
Learn About Social Engineering Services - Aardwolf Security
 
NYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-SecurityNYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-Security
 
What Happens to Your Data When a Company Gets Breached
What Happens to Your Data When a Company Gets BreachedWhat Happens to Your Data When a Company Gets Breached
What Happens to Your Data When a Company Gets Breached
 

Dernier

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 

Dernier (20)

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 

Symantec & WSJ PRESENTS "MALWARE on Main Street" ...

  • 1. IN COLLABORATION WITH Malware on Main Street: Why Cyberthieves Increasingly Target Small Firms WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content.
  • 2. TABLE OF CONTENTS Introduction 3 Thieves Get Personal 4 Key Cyberprotection Steps For Small Business 7 Why Cyberprotection Can’t Wait 11
  • 3. When cybercriminals set out to steal data from one of America’s largest retailers in 2013, they did not attack the company directly. Instead, they sent malware-laced emails to employees of a small mechanical contractor that had access to the retailer’s network for billing. When the emails were opened, the malware evaded the small company’s anti-malware software—reportedly a free edition intended for personal use—allowing the hackers to install a password-stealing program on the small company’s computer. The program captured the usernames and passwords that were issued to the small company and the hackers used them to gain access to the large retailer’s network. Once in the network, they inserted malicious software that made its way to cash registers, capturing more than 40 million credit- and debit-card records. This theft was the largest, most high-profile data breach in U.S. history. It also exposed a growing and serious threat: Cybercriminals are increasingly targeting small companies using sophisticated, highly customized techniques in order to gain access to the data troves of their customers and vendors. “There are more attack campaigns being targeted to small and medium businesses than ever before,” says Kevin Haley, Director of the Security Response Team at Symantec Corporation. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. INTRODUCTION 3
  • 4. THIEVES GET PERSONAL While small companies have long been vulnerable to cyberattacks and data breaches, thieves have gotten savvier about compromising and breaking into their systems, Haley says. They extensively research their target companies and design highly personalized attacks that con business owners, executives, and employees into providing access to sensitive data. They view small companies as easier targets than large companies because small firms often lack the sophisticated alert systems and other internal procedures designed to fend off attacks. Techniques that thieves increasingly use against small businesses include: Sending personalized phishing emails. “Spear-phishing” is when cybercriminals send personalized emails that present themselves as legitimate people seeking specific information, whether a business’s credit-card number or network logon credentials. If an email recipient provides such information, the criminal can use it to break into a network or perpetrate identity theft. The emails also often contain links to websites that, if clicked, will download malware to the recipient’s computer, potentially infecting the company’s entire network as well as the networks of its vendors and customers. According to the Symantec Internet Security Threat Report 2014, spear-phishing attacks increased 91% between 2013 and 2014. The study also found that attacks aimed at businesses with 250 or fewer employees accounted for 30% of targeted spear-phishing. Haley warns that attackers “are being very selective” and, rather than sending mass phishing emails to large numbers of people, are personalizing emails to make them appear more authentic and safe. WSJ. Custom Studios ©2014 According to the Symantec Internet Security Threat Report 2014, spear- phishing attacks increased 91% between 2013 and 2014. The Wall Street Journal news organization was not involved in the creation of this content. 4
  • 5. Charles Tendell, CEO of Azorian Cyber Security, a Denver-based consulting firm, says cybercriminals often mine social media for personal information that can be used to cause email recipients to relax their vigilance and increase the odds they will hand over sensitive information. Even a Facebook page in which an employee discusses his or her hobbies or leisure activities can help a thief write an email that seems trustworthy, he says. Identifying new loopholes. The highly publicized 2014 Heartbleed bug exposed massive amounts of data stored on web servers, including many passwords, by taking advantage of a security flaw in the commonly used encryption standard OpenSSL. An estimated 17% of all web servers were vulnerable to the bug. Security loopholes like Heartbleed are called “zero- day” vulnerabilities because they become public before software makers are aware of them, giving them no time to prepare patches before the bug could cause problems. Small companies with internal servers are most at risk of such bugs because they are less likely than large companies to apply preventative patches in a timely manner, security experts say. And zero-day threats are increasing as cyberthieves become better at finding them, Haley says. In 2013, 23 new zero-day vulnerabilities emerged, twice as many as in the prevous year. “I don’t expect these numbers to go back down in the next year or so,” he adds. Holding networks hostage. An even faster-growing threat to small companies is “ransomware,” a type of malware that renders a computer system useless without a password. After a system is disabled by the malware, a hacker demands a ran- som in exchange for allowing employees to regain access to the system. Ransomware attacks grew 500% in 2013, Symantec’s threat study found. Haley says these attacks have become more malicious because attackers have gotten better at disguising ransomware as legitimate email attachments and get business owners or employees to download it unknowingly. A particularly vicious and well-known form of ransomware called “CryptoLocker” encrypts files on victims’ computers until Ransomware attacks grew 500% in 2013, Symantec’s threat study found. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. 5
  • 6. they pay for a password key. Without the password, it is im- possible to recover their files. The U.S. Department of Justice reported that CryptoLocker had infected more than 234,000 computers as of April 2014—half in the United States—and each victim was forced to pay up to $700 or more for keys in order to regain access to his or her files. The department cited one estimate that more than $27 million in ransom payments were made in the first two months since the malware appeared. Hiding malware on reputable websites. “Wa- tering hole” attacks are another form of cyber- crime that has grown quickly. Thieves exploit vulnerabilities in legitimate, but poorly protected, websites and automatically download malware on visitors’ com- puters. Symantec’s study found that 77% of legitimate websites had exploitable vulnerabilities. Compromising POS systems. Attacks on point-of-sale systems have grown rapidly, in part because they provide thieves with direct access to payment-card data. They may involve sev- eral techniques, often starting with spear-phishing, with the ultimate goal of accessing corporate networks and installing data-stealing malware. The results can be lucrative for thieves and incredibly costly to the business. Last year, it was reported that a specific type of emerging malware called POSCLOUD was being used to target cloud-based POS software often used by small retailers. The malware logs users’ keystrokes and grabs screenshots to monitor customer flow and steal personal data. Targeting personal devices. As many small companies allow employees to use their personal devices—including smartphones, tablet computers, and laptops—for work, thieves are getting sav- vier about designing attacks specifically geared toward using less-secure personal devices as a way to break into small busi- nesses’ networks and systems. Many employees use personal devices to store work information or check and send emails. Many small companies don’t adequately protect themselves against these risks until it’s too late. That’s partly due to lack of awareness of the risks, but also because they wrongly believe that reliable cyberprotection is expensive or time-consuming. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. 6
  • 7. KEY CYBERPROTECTION STEPS FOR SMALL BUSINESS Despite the growing risks to small firms, cyberprotection does not have to be time-consuming or costly. In fact, many times the simplest measures are the most effective. “Cybersecurity cannot make you perfectly secure,” Azorian Cyber Security’s Tendell says. “But it’s going to make you a much harder target than the business next door that doesn’t have anything.” Here are several ways security experts say small businesses and their IT managers can better protect themselves: Educate Employees One of the most effective cybersafety measures is educating employees on key risks and how to avoid them. This includes in- structing them to not hand over sensitive business information, such as account numbers and passwords via email, or clicking on links in emails from unknown senders. Creating a written cybersecurity policy can help enforce rules and provide information to help employees prevent data loss. For example, requiring employees to use hard-to-crack passwords with multiple symbols and numbers on all employer- issued and personal computers and devices used for work can prevent hackers from breaking into key accounts. The business should also consider enacting a policy for cloud-based solutions that allows for the storage and sharing of information online, and employees should be made aware of the risks of using unapproved software or services and freeware. The company can steer employees toward safe software and services by providing IT-approved solutions. This policy should allow only essential employees access to sensitive data, such as customer networks. Emphasis should WSJ. Custom Studios ©2014 Creating a written cybersecurity policy can help enforce rules and provide information to help employees prevent data loss. The Wall Street Journal news organization was not involved in the creation of this content. 7
  • 8. be placed on employees most likely to be targeted: According to the Symantec threat report, executive assistants, public rela- tions managers, and senior managers, are most at risk. Back Up Data Regularly Instituting a formal data backup procedure can prevent the business from becoming completely disabled by a cyberattack, particularly from ransomware that locks employees out of the system. Much of today’s most sophisticated ransomware is unbreakable, even by skilled forensic experts, Tendell says. Backing up data on a regular schedule, at least weekly, also helps shield against data loss due to a natural disaster, fire, hardware failure, or accidents. Accidental data loss is a major risk that many small businesses aren’t prepared for, according to Symantec’s Haley. The 2014 Symantec threat report found that 56% of all data loss resulted from accidents, such as smartphones or laptops left in taxis. “While we need to be concerned about breaches, we can’t neglect data that is accidentally lost,” he says. Keep Security Patches Up-To-Date A business that outsources its website hosting to a large domestic provider may not have to worry about updating patches, as the hosting company often handles that task, Tendell says. Smaller or very low-cost overseas web-hosting providers, however, may be less reliable. Companies that use third-party hosting services should avoid sharing their physical server with other websites. Those who host their own sites should make sure all security patches are routinely checked and updated. Attackers don’t stop exploiting small businesses just because a patch is available. In fact, they prey on businesses that don’t take immediate action to apply updates. The 2014 Symantec threat report found that 56% of all data loss resulted from accidents, such as smartphones or laptops left in taxis. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. 8
  • 9. Deploy a Robust Cyberprotection Solution Today’s most comprehensive cyberprotection solutions can pro- vide a small business with robust coverage at a cost-effective price. When choosing a solution, the company’s IT professional should ensure that it provides continuous, always-on coverage— meaning it protects the business around-the-clock and provides a real-time shield against emerging cybersecurity risks. Given the serious and growing threat of disguised malware attacks, the cyberprotection solution should be able to identi- fy potential malware before employees click on infected links or unknowingly download malware on their devices. It should provide timely alerts of needed security-patch updates. Today’s leading cyberprotection solutions designed for small compa- nies can detect spyware and malware in real time as employees browse the Internet. It also can identify potentially dangerous websites in online search results before an employee clicks on them and protect against potential attacks when employees are working on public Wi-Fi networks, whether at the airport or a coffee shop. Small companies may be tempted to try to save money by rely- ing on consumer-grade cyberprotection software they can get for free. However, free versions often lack the most advanced and up-to-date features necessary for warding off today’s rap- idly evolving threats. For example, a free anti-malware program that only provides on-demand scanning of a single system does not provide nearly as much protection as one that constantly scans incoming files for signs of dangerous software. Many free cybersecurity software programs are intended for personal use only and not designed for the more sophisticated needs of businesses. Customer support on free software is A free anti-malware program that only provides on-demand scanning of a single system does not provide nearly as much protection as one that constantly scans incoming files for signs of dangerous software. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content. 9
  • 10. often very limited or even nonexistent—a major concern if a problem or attack occurs. Free solutions also may not keep up with the ever-changing cyberthreat landscape. Cyberprotection programs designed specifically for small busi- nesses can be easily managed by a one-person IT department or even a part-time IT consultant. Programs that can be ac- cessed via the cloud (the Internet) allow a small business to easily and quickly set up protection for new devices and em- ployees as it grows. Another piece of good news: Even as small businesses’ cyber-risks grow, comprehensive protection has become far more affordable. “Stuff that when I started in IT was only available for enterprises is now available for small- to medium-sized businesses at very reasonable cost,” says Jerod Powell, president of InfinIT Consulting, a San Jose-based chain of small business IT consulting firms. Powell says when security is applied holistically—including setting up network firewalls and data-encrypting employees’ laptops—it can provide very strong protection. Many free cybersecurity software programs are intended for personal use only and not designed for the more sophisticated needs of businesses. The Wall Street Journal news organization was not involved in the creation of this content. WSJ. Custom Studios ©2014 10
  • 11. WHY CYBERPROTECTION CAN’T WAIT Cyberattacks are only getting more sophisticated and harder to detect. As cyberthieves get savvier, businesses and their IT professionals must work hard to keep pace with the ever- changing threat landscape. Not too long ago, it would have seemed unlikely that a small mechanical contractor could unwittingly provide entry into a major corporation’s customer billing records. Today, such events make headlines regularly. Taking the right protective measures, including enacting cybersecurity policies and employee training and using the right solutions, can reduce much of today’s risk. Cloud-based cyberprotection solutions can offer greater security because they provide always-on coverage and automatically update to ensure a small company is protected against the latest risks. As cyberthieves around the world work hard to create more personalized, savvier attacks against small businesses, it’s more critical than ever that businesses are prepared. WSJ. Custom Studios ©2014 Not too long ago, it would have seemed unlikely that a small mechanical contractor could unwittingly provide entry into a major corporation’s customer billing records. Today, such events make headlines regularly. The Wall Street Journal news organization was not involved in the creation of this content. 11
  • 12. IN COLLABORATION WITH The Wall Street Journal news organization was not involved in the creation of this content NEW YORK 1155 Avenue of the Americas 5th Floor New York, NY 10036 LONDON 222 Grays Inn Road London WC1X 8HB United Kingdom HONG KONG 25/F, Central Plaza 18 Harbour Road Wanchai Hong Kong Robin Riddle, Global Publisher 212-659-2492 Robin.Riddle@wsj.com www.wsjcustomstudios.com This work was commissioned by Symantec. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 www.Symantec.com WSJ. Custom Studios The most trusted news source in the world is now creating best-in-class branded content solutions across all platforms, globally. WSJ. Custom Studios, the content marketing division of The Wall Street Journal, partners with marketers to create innovative solutions that inform, inspire and engage the most powerful audience in the world. WSJ. Custom Studios ©2014The Wall Street Journal news organization was not involved in the creation of this content.