web security threat report on spear phishing attacks - symantec
TRANSCRIPT
WEBSITE SECURITY THREAT REPORT
© 2015 Symantec, Inc. All rights reserved. Symantec, the Symantec logo, and other trademarks, service marks, and designs are registered trademarks of Symantec, Inc. in the United States and/or other countries.
SPEAR-PHISHING SCAMMERS SHARPENTHEIR ATTACKS WITH CLEVER NEW TACTICS Attackers win your confidence with personalized, targeted emails
Get the whole threat picture and learn more about how to protect yourself inSymantec’s new Website Security Threat Report
Expect to be attacked. It’s not if, but when.
Use strong, cloud-based filtering to identify and eliminate spear-phishing attacks
91% OF CYBERATTACKS START WITH A SPEAR-PHISHING EMAIL
RISK RATIO OF SPEAR-PHISHING ATTACKS BY JOB ROLE
SPEAR-PHISHERS TARGET EMPLOYEES WHO MAY BE UNAWARE OF WHAT A SUSPICIOUS EMAIL LOOKS LIKE
THAT’S THE MEDIAN
TIME-TO-FIRST-CLICK WHEN A SPEAR-PHISHING EMAIL LANDS IN AN INBOX ON A COMPANY NETWORK.*
*VERIZON BREACH INVESTIGATIONS REPORT 2015
YOU NOW HAVE 80 SECONDS TO PROTECT YOUR COMPANY!
27%26%
MA
NA
GE
R
19%
13%
11%
IND
IVID
UA
L C
ON
TRIB
UTO
R
25%
INTE
RN
DIR
EC
TOR
SU
PP
OR
T
OTH
ER
Attackers prowl for weaknesses in an internal network’s hostnames, IP addresses, and internal path names
80 sec
84% of spear phishing attacks target large enterprises* but attacks on medium-sized and small businesses are rising
THE MOST COMMONLY USED SPEAR PHISHING WORDS
Targeted attack campaigns rose by 8%
Custom malware with crafted email messages evade security
Many have malicious file attachments and many more
include infected links in emails.
Source : Symantec | .cloud.SRL
35%
27%
30%
23%
19%
16%
14%
11%
1 IN 2.9
Individuals in Sales and Marketing job roles were the most targeted in 2014, with 1 in 2.9 of them being targeted at least once; this is equivalent to 35 percent of Sales and Marketing personnel.
KEEP YOUR GUARD UP. DON’T MAKE IT EASY FOR CRIMINALS
23% of employees open phishing messages—11% actually click on malicious attachments!
Implement Always-On SSL
Educate your employees on what a spear phishing email looks like
Change your passwords often
SALES/MARKETING
SA
LES
/MA
RK
ETI
NG
1 IN 3.8OPERATIONS
OP
ER
ATI
ON
S
FIN
AN
CE
R&
D
IT EN
GIN
EE
RIN
G
HR
& R
EC
RU
ITM
EN
T
OTH
ER
1 IN 3.3FINANCE
1 IN 4.4R&D
1 IN 5.4IT
1 IN 7.2HR & RECRUITMENT
1 IN 9.3OTHER
1 IN 6.4ENGINEERING
2014 RISK RATIO 2014 RISK RATIO AS %
RISK RATIO OF SPEAR-PHISHING ATTACKS BY JOB LEVEL
Source : Symantec | .cloud.SRL
Managers were the most frequently targeted level of seniority in 2014, with 1 in 3.8 of them being targeted at least once; this is equivalent to 26 percent of individ-uals at managerial level.
1 IN 3.7
INDIVIDUALCONTRIBUTOR 1 IN 3.9
INTERN
2014 RISK RATIO 2014 RISK RATIO AS %
1 IN 5.4DIRECTOR
1 IN 7.6SUPPORT
1 IN 9.3OTHER
* 2500+ EMPLOYEES
1 IN 3.8MANAGER