Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Symantec Speaks on Latest Threat Trends

Released today, Symantec’s Internet Security Threat Report 2016 (ISTR) is a data-based analysis of cybersecurity events and issues over the last year. Symantec has been producing these reports for more than 10 years, drawing data from more than 63.8 million attack sensors in more than 150 countries and territories.

Released today, Symantec’s Internet Security Threat Report 2016 (ISTR) is a data-based analysis of cybersecurity events and issues over the last year. Symantec has been producing these reports for more than 10 years, drawing data from more than 63.8 million attack sensors in more than 150 countries and territories.

SecurityWeek talked to Kevin Haley, director of Product Management and Security Response at Symantec, and asked him to highlight five specific areas of the report. He chose the increasing professionalism of bad actors; breach disclosures; the sheer number of vulnerable websites; phishing and spear-phishing; and, of course, ransomware.

Symantec 2016 Threat ReportHis first choice was the growing professionalism of criminal gangs. “We’ve come to expect that well-resourced state-sponsored actors are highly disciplined.” But this is also growing within the basic criminal gangs. “One group we’ve been watching actually gives its ‘staff’ weekends off and even holidays,” he explained. “There are even bad guy tech support boiler rooms in existence.”

According to the report (PDF), the number of exposed identities jumped 23% to 429 million. “But this number hides a bigger story. In 2015, more and more companies chose not to reveal the full extent of the breaches they experienced.” Given that CISOs are reluctant to go public until they can be certain they know all the facts, SecurityWeek asked Haley what companies should do as a matter of policy. 

“We are the custodians of our customers’ personal information,” he replied. “We need to honor that position.” Given that most breaches are discovered not by the breached company but by third parties, such as the FBI or security researchers, he suggested that “Not going public as soon as you know about it is just going to heighten your embarrassment and make it seem that you’re less in control than you really are.”

His third highlight is the sheer number of vulnerable websites. Between 75% and 78% of all sites contain vulnerabilities. “The number that have critical unpatched vulnerabilities which we would describe as trivial to use to get into a website is 15%.” This, he added, indicates that website administrators simply aren’t patching their systems fast enough. “It’s basic security 101,” he added. “If you want to stay safe, make sure you patch all known vulnerabilities.”

He turned to phishing. One of the conclusions from the Symantec study, he suggested, is that once a company has been breached, CISOs should be prepared to be targeted again and again. “This conclusion,” he explained, “comes from looking at targeted attacks via spear-phishing. We see repeated attacks from different actors. Sometimes we see the resurgence of an earlier attack that hadn’t been completely cleansed; and sometimes, when analyzing a known breach, we discover that another group is in there separately but concurrently.” The main reason, he suggested, is that if one group decides a company is an attractive proposition, other groups will undoubtedly have come to a similar conclusion.

There is no simple solution to phishing and particularly spear-phishing. “But there are technologies,” Haley suggested, “that can still detect highly targeted phishing, by checking back on the purported source, using word heuristics and malware recognition, etc.” About 40% of poisoned attachments are Word documents; 10% are executables; and another 10% are screensavers. “In reality, he said, “you could block a large number of spear-phishing simply by blocking executables at the gateway.”

Phishing naturally led to his final highlight: the increase in sophistication and volume of ransomware. SecurityWeek asked a simple question: should companies ever pay a ransom? “We say ‘no’,” he replied. “My opinion is that when the hospital in California came out and publicly paid a large ransom – well, pretty soon hospitals all over the world were being attacked. There’s a definite repercussion to paying; even beyond making these guys rich and funding their next attack. That said, I recognize that sometimes people feel they have no other choice – but it’s not something that I would recommend.” 

Advertisement. Scroll to continue reading.
Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.