Symantec’s 2016 Internet Security Threat Report

Internet security threats change, rise, and get more sophisticated each year, leaving internet users — from personal to business — vulnerable to a wide array of cyber attacks. It’s hard to keep up with, but thanks to Symantec’s Internet Security Threat Report (ISTR), we have a yearly overview and analysis of what to look out for, what’s been going on, and how to stay current with what cyber criminals are up to.

The most recent 2016 report highlights data from 2015 and some of the details are shocking. Stay with us as we go over the highlights of Symantec’s latest Internet Security Threat Report:

There Was a 125% Increase in Zero-Day Vulnerabilities

In the span on one year, the number of zero-day vulnerabilities more than doubled. A zero-day day vulnerability refers to a hacker exploiting a hole in a vendor’s software, such as flaws in browsers and website plugins — before the vendor becomes aware of it. Once the vendor and developers realize there’s a problem, they must identify the vulnerability and race to fix the nature of the hole (and protect users) with a patch. “Zero day” refers to the unknown nature of the hole (to the developers), and the exploit itself is called a zero-day attack, which may include sneaking in malware, spyware, or granting access to user information.

Online Security Tips:

  • Update your browser often to obtain updated security features.
  • Always look for antivirus solutions and security software that protect against known and unknown threats.
  • Start phasing out Adobe Flash Player. Symantec’s infographic portrays that the “end is nigh” for this software program, as 19% of 2015’s zero-day vulnerabilities attacked Flash Player.

429 Million Personal Records Were Stolen, Lost, or Exposed

2015 was a bad year for data breaches and most seemed to include personal identities. According to Symantec’s data, half a billion personal records were stolen or lost in 2015’s nine “mega-breaches” — and that might be a conservative number, as Symantec reported that many “companies chose not to reveal the full extent of their data breaches.” The industry with the largest number of breaches (39%) came from the Health Services sub-sector. For more data on the mega-breaches, check out Symantec’s infographic.

Nearly 75% of Legitimate Websites Have Unpatched Vulnerabilities

A website patch is a piece of software code that is “patched” or inserted into a computer program (or supporting data) to update, fix, or improve the program. Along with improvements, a patch also fixes security vulnerabilities that hackers like to take advantage of (see zero-day vulnerabilities above).

As part of their 2015 data, Symantec found that most web administrators aren’t staying current on patches — nearly 75% of all websites! They also found that “there were over one million web attacks against people each day in 2015.” What does that mean for all web users? It means that unsecured, legitimate websites can easily infect users.

Online Security Tip:

  • When a trusted software program or vendor suggests that you update your software or system, do it. These often include security patches to keep you and your information safe.

Spear-Phishing Campaigns Are On the Rise

Spear-phishing is a scam that uses what appear to be familiar emails (from a known individual or business) to collect a user’s personal and secure information. These scams not only target individuals but businesses, both large and small.

Symantec found that spear-phishing campaigns targeting employees increased by 55% in 2015, but what’s interesting is that cyber attackers are targeting more small businesses than ever before. Spear-phishing scams, which have historically targeted and attacked larger companies (those with over 2,500 employees), have been growing amongst small and medium-sized businesses (those with 1-2,500 employees). Bottom line: data shows that no business (of any size) is safe.

Online Security Tips:

  • Legitimate businesses don’t email users asking for passwords or account numbers.
  • If you suspect an email is real, contact the business to ask. For all suspicious emails, check the business’ website for an email address that you can forward suspicious emails to.
  • If a “friend” emails you for secure or personal information, call them to verify it was really them.
  • Be careful with your personal information, including how much you make freely available on the web.

Ransomware Is On the Rise

Ransomware is a type of malware that blocks a user’s access to a computer system (through encryption) until a sum of money paid. Affecting both individuals and companies, this sinister type of attack is on the rise — up by 35% in 2015 — and has found new targets via smart phones, Macs, and Linux operating systems.

For more details on how to protect yourself or your organization, check out Symantec’s infographic, or read our three part series on ransomware, starting with Ransomware: What You Need to Know (Part 1).

Technical Support Scams Are On the Rise

In 2015, 100 million fake technical support scams were blocked by Symantec. The new method of deception? Cyber scammers are now trying to get you to call them by hitting users with pop-up error alerts that direct users to to call an 800 number, whereby they attempt to sell you worthless services.

IT Solutions to Keep Your Business Secure

Cyber attacks will continue to evolve and get more sophisticated. It’s up to you to stay ahead of scammers and hackers by ensuring your company’s data is properly safeguarded. Integracon’s multi-tiered, managed security services and security breach consulting do that and more. We keep your data safe and your mind at ease, every step of the way.