State of the Phish 2015

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "State of the Phish 2015"

Transcription

1

2 Introduction The threat is real Phishing continues to pose a growing threat to the security of industries of every kind from financial organizations to government contractors to healthcare firms. Though organizations have invested significant sums in such protective technology as spam filters, anti-virus, anti-malware, IDS, and web proxies, today s savvy attacker manages to evade safeguards through carefully planned, socially-engineered attacks. The result? Unsuspecting end users routinely click links, open attachments... and expose themselves and their organizations to far-reaching damage. According to Verizon * an estimated 95% of espionage attacks involved phishing of all malware attacks come Nearly80% from phishing attempts To provide a clearer idea of where and how organizations make themselves most vulnerable to phishing attacks, ThreatSim has prepared this 2015 report, which pools two sources of data: ThreatSim s anonymous data aggregated across our customer base, involving millions of simulated phishings conducted between January 2013 and December A survey of information technology executives, administrators, and information security professionals While not a scientific study, this report does offer important insight into what proactive organizations are doing to better train their end users to identify and avoid phishing messages. *Verizon Data Breach Investigations Reports, ThreatSim All Rights Reserved threatsim.com 1

3 ThreatSim Customer Statistics Who uses ThreatSim? Financial, B2B Services, Energy, and Manufacturing are leading the adoption of dynamic phishing training. Financial B2B Services Energy Manufacturing Education Technology Healthcare Retail Non-US Government Insurance State Government Consumer Non-Profit Defense Federal Government Media Transportation Hospitality Credit Union Other Legal City Government County Government Agriculture ThreatSim All Rights Reserved threatsim.com 2

4 ThreatSim Customer Statistics How many people open... and click? Given our extensive work with customers in a wide variety of industries, ThreatSim has a unique vantage point on the phishing epidemic. Through millions of simulated phishings, conducted between January 2013 and December 2014, we ve pulled together the data presented here to provide a clearer picture of what we see on the front lines. The number of targeted users who open a phishing , then fall for the scam depends on several factors including the phishing lure in the message, the sophistication of the , the date/time it was sent, and the target s technical acumen. According to Verizon s 2015 Data Breach Investigations Report, nearly 50% of recipients open s and click on phishing links within the first hour. The median timeto-first-click coming in at one minute, 22 seconds across all campaigns. 23% 11% average open rate of all campaigns in average click rate of all campaigns in ThreatSim All Rights Reserved threatsim.com 3

5 ThreatSim Customer Statistics Which platforms garner the most clicks? Windows, not surprisingly, was the platform that had the most clicks of all operating systems. To be fair, this is not necessarily saying that Windows users are more susceptible to phishing, rather in the business world, PCs are by far the most used platform. When we drill into the data, the percentage of Mac and Windows users who open is nearly the same at around 65%. Percentage of all clicks by platform in % 18% 1% 8% 71% PC Other ios Android Mac 2015 ThreatSim All Rights Reserved threatsim.com 4

6 ThreatSim Customer Statistics Which type is most likely to get clicked? Technical Corporate Commercial Cloud Consumer % Clicked 0% 5% 10% 15% 20% What do these s look like? 21.3% 15.3% 12.9% 8.7% 6.9% TECHNICAL s These are messages that look like common errors including mailbox is full, unknown user, etc. CORPORATE This could look like official office mail, spam quarantine, benefits enrollment notices, invoices, or an HR confidential document. COMMERCIAL Business-oriented but not company-related , this might be something like a shipping confirmation of an overnight package, fake wire transfer, or auto insurance renewal. CLOUD Cloud in this case means something simulating a cloud-based service, like a file sharing service. The might read: Dave wants to share a file with you, click here to accept. CONSUMER These are the types of s the general public gets on a daily basis that may try to replicate offers or accounts they already have. Examples include s about frequent flier accounts, potential account compromise, social networking notices, gift card notifications, and more ThreatSim All Rights Reserved threatsim.com 5

7 ThreatSim Customer Statistics Which mobile phone users are most at risk? It s no surprise that mobile use in the workplace has grown dramatically over the last few years and with it, users accessing their work on mobile devices. While both ios and Android use grew dramatically, Android use in the workplace outpaced ios by more than double. That being said, use of ios devices on the whole is still nearly 4x that of Android in the workplace according to our data. 405% growth for ios usage in the workplace from % growth for Android usage in the workplace from Interestingly, ios users are roughly 25% more likely to click on a phishing link after opening a phishing on their device than are Android users. While some would argue this means that ios users are more likely to fall for a phishing scam, others would argue that ios users naturally perceive their device to be more secure, so are more willing to test the waters on their device than are Android users. In 2014, more than Only 16% of ios device users who opened a phishing took the bait and clicked on it. 12% of Android users fell for the phish. The good news for organizations is, increasingly, users of mobile devices are becoming smarter about not taking the phishing bait. From 2013 to 2014, click rates for both ios and Android device users dropped an average of 35% after opening a phishing ThreatSim All Rights Reserved threatsim.com 6

8 Honing the Spear Like phishing, spear phishing involves sending a malicious link or file. But while standard phishers take a mass approach, sending out millions of s in hopes of snagging valuable personal information from as many people as possible, spear phishers are more highly focused. They often go to great lengths to gather information on key people within an organization in order to craft a personalized and convincing . As social engineers, they aim to become someone you know and trust. In our experience at ThreatSim, spear phishers efforts to personalize their attacks make them more effective. Our data indicate that spear phishers are most successful when they employ a target s last name, company logo, or some other trust token designed to create a sense of familiarity. 11% average click rate of all campaigns across average click rate when just a user s last name is placed in the , 18% regardless of other personalized data ThreatSim All Rights Reserved threatsim.com 7

9 Honing the Spear After a year or more of training, users get smarter about personalization as it relates to phishing s. Click rates in s personalized with the user s first name have dropped from % to % 12.5% average click rate in 2013 average click rate in ThreatSim All Rights Reserved threatsim.com 8

10 Why is Training Important? Is there any correlation between frequency of testing/training and clicks? The figures below show the click rate improvements achieved by organizations based on how frequently they train their user base. Click rate at the end of 6 months if training is done monthly:14% Click rate at the end of 6 months if training is done quarterly:16% *Improvement of 12.5% if training is done monthly vs. quarterly Click rate at the end of 24 months 4% if training is done monthly: Click rate at the end of 24 months 8% if training is done quarterly: *Improvement of 50% if training is done monthly vs. quarterly 2015 ThreatSim All Rights Reserved threatsim.com 9

11 Why is Training Important? What is the click rate for first campaigns vs. the rate after training? 25% average click rate for all first campaigns average click rate for all campaigns after initiating phishing 11% simulation training average click rate for campaigns after 24 months of simulated 4% phishing training 2015 ThreatSim All Rights Reserved threatsim.com 10

12 Why is Training Important? Which browser plug-ins are most vulnerable? When end users fall for a ThreatSim simulation, we perform fingerprinting of the users browsers and plug-ins. The resulting data are useful in pinpointing who is at the greatest risk for a data breach. In tracking end user plug-ins, we note if the plug-in is outdated, as this increases the user s exposure to malware infection. This information provides our customers with a good indicator of the target s susceptibility to exploit, had the message that was clicked upon been a real phishing attack. In 2014, three plug-ins were found to be most commonly outdated, making them particularly vulnerable to attack: Adobe Flash outdated 40% of the time Java outdated 34% of the time Microsoft Silverlight outdated 32% of the time 2015 ThreatSim All Rights Reserved threatsim.com 11

13 ThreatSim Survey Results ThreatSim surveyed IT executives, administrators and security professionals. The results of this survey are summarized in the pages that follow. Overall, our findings support the premise that phishing poses a critical threat today to organizations of every kind. Though some organizations are taking steps to measure their susceptibility to phishing and any resulting damage, a significant percentage are simply ignoring the threat ThreatSim All Rights Reserved threatsim.com 12

14 ThreatSim Survey Results A growing problem The vast majority of organizations surveyed, 76.7%, report having experienced a phishing attack in the past year. The remaining respondents, 23.3%, are not aware of having been attacked. Since phishing attacks often go unnoticed and unreported, it s safe to assume that some in this group are compromised and don t even know it. Have you experienced a phishing attack in the last calendar year? 23.3% 76.7% Yes No 2015 ThreatSim All Rights Reserved threatsim.com 13

15 ThreatSim Survey Results A growing problem (cont.) Perhaps most alarmingly, nearly one third of organizations 32% reported experiencing more than 50 phishing attacks within the past year, with 9% of respondents experiencing more than 500 attacks. Approximately how many known phishing attacks have you experienced in the last year? 4% 5% 9% 41% 14% 20% 9% ,000 >1,000 Unsure 2015 ThreatSim All Rights Reserved threatsim.com 14

16 ThreatSim Survey Results A growing problem (cont.) Clearly, phishing poses a threat that isn t going away. In fact, many organizations report that it s on the rise. Of those surveyed, 40.6% report an increase in attacks over the past year, while 58.3% believe the level of attack is staying about the same as in past years. Is the rate of phishing attacks against your organization increasing? 40.6% 58.3% Increasing Decreasing Staying about the same as years past 1% 2015 ThreatSim All Rights Reserved threatsim.com 15

17 ThreatSim Survey Results The impact is far-reaching For organizations beset by phishing attacks, the impact was far from benign. Of those who were attacked in our survey, 40.6% experienced a malware infection, 21.9% saw their accounts compromised, and 8.3% lost data. What, if any, of the following impacted your organization? 8.3% 49% 40.6% Loss of data Malware infections Compromised accounts Other 21.9% 2015 ThreatSim All Rights Reserved threatsim.com 16

18 ThreatSim Survey Results The impact is far-reaching (cont.) Phishing s impact is both damaging and disruptive for those who have been attacked. In addition to the unfortunate outcomes reported here, the security managers within the survey routinely lament how much time is lost in responding (endpoint forensics) and employee downtime (account rest, system restoration). Nearly half of our respondents who were attacked (47.9%) reported lost productivity for their employees. But the problems didn t end there. More than a quarter of those attacked (28%) experienced damage to their organization s reputation, and nearly a quarter more (24%) lost proprietary information. How do you measure the cost of phishing incidents? 24% 28.1% 47.9% Lost productivity for employees Damage to reputation Business impacts through loss of proprietary information 2015 ThreatSim All Rights Reserved threatsim.com 17

19 ThreatSim Survey Results Means of attack Response to our survey indicates that spear phishing, a mode of attack that is finely targeted and thus more effective, poses a serious threat to businesses. The majority of respondents, 54.3%, report that their organization experienced targeted spear phishing attacks over the past year. Do you experience actual spear phishing (aka targeted) attacks? 45.7% 54.3% Yes No 2015 ThreatSim All Rights Reserved threatsim.com 18

20 ThreatSim Survey Results Measuring exposure to phishing We found it concerning that though three-quarters of organizations we surveyed have experienced phishing attacks over the past year, close to 40% of those surveyed have not taken appropriate steps to measure their organization s susceptibility to such attacks. Considering the far-reaching damage caused by phishing (to brand credibility, productivity and the bottom line), it only makes good business sense to know your exposure and thus take steps to measure your risk. Do you measure your organization s susceptibility to phishing? 39.1% 60.9% Yes No 2015 ThreatSim All Rights Reserved threatsim.com 19

21 ThreatSim Survey Results Measuring exposure to phishing (cont.) Everyone who responded to our survey, a full 100%, reported using /spam filters to reduce the risk of phishing attacks in their organizations. More than half of respondents, 57.6%, use outbound proxy protection, and 40.2% have employed advanced malware analysis (such as FireEye). Only 18.5% of respondents employ URL wrapping. Which of the following technologies are utilized by your organization to reduce the risk from phishing attacks? 100% 100% 80% 60% 40% 20% 57.6% 40.2% 18.5% 0% / Spam filters Outbound proxy protection Advanced malware analysis (e.g. FireEye) URL Wrapping 2015 ThreatSim All Rights Reserved threatsim.com 20

22 ThreatSim Survey Results Training and prevention Most organizations appear to be employing multiple training efforts. By far the most commonly used training is phishing simulation exercises, employed by 83.3% of organizations. Other commonly used methods are annual security awareness training (using computer-based training), 60.3%, and monthly notifications or newsletters, 50%. Which of the following activities are used in training your end users on how to identify and avoid phishing messages, in addition to phishing simulation exercises? 100% 80% 60% 40% 20% 60.3% 50% 28.2% 11.5% 0% Annual security awareness training using CBT (computer-based training) Monthly notifications or newsletters Annual security awareness training (in-person, classroom style) Other 2015 ThreatSim All Rights Reserved threatsim.com 21

23 ThreatSim Survey Results Training and prevention (cont.) Of those organizations that proactively measure the impact of phishing prevention activities like training, the results are impressively reassuring. A full one third, 33%, of those respondents report that the steps they took reduced their phishing susceptibility by %, and close to half of those respondents, 47%, report their level of reduction in susceptibility between 1% 50%. What percentage reduction have you achieved? 19% 19% 14% 25% 22% % 51 75% 26 50% 1 25% Unsure/ Still Testing 2015 ThreatSim All Rights Reserved threatsim.com 22

24 ThreatSim Survey Results Training and prevention (cont.) Even more impressively, a full 70% of respondents show these reductions in phishing susceptibility occurring in less than 12 months after implementing activities like phishing simulated exercises, with a staggering 41% showing positive results in under six months. In what time frame did you see reductions achieved (number of months)? 9% 9% 21% 41% 6 months or less 7 to 12 months 12 to 24 months >24 months Not sure 29% These figures make it clear that phishing remains a critical threat, and prevention activities such as phishing simulation exercises are important for even the most proactive organizations ThreatSim All Rights Reserved threatsim.com 23

25 threatsim.com Coppermine Rd. Suite 302 Herndon, VA ThreatSim All Rights Reserved

2013 State of The Phish

2013 State of The Phish 2013 State of The Phish ThreatSim: 2013 State of The Phish Introduction Phishing continues to be one of the most effective attack vectors in the attacker s tool kit. A significant percentage of documented

More information

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise

More information

Spear Phishing Attacks Why They are Successful and How to Stop Them

Spear Phishing Attacks Why They are Successful and How to Stop Them White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss Commissioned Study SURVEY: Web Threats Expose Businesses to Data Loss Introduction Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Cyber Crime: You Are the Target

Cyber Crime: You Are the Target Cyber Crime: You Are the Target When talking about computer crime, we often hear the observation from computer users that they aren t rich and therefore what they have isn t worth much to a cyber criminal.

More information

Training Employees to Recognise & Avoid Advanced Threats

Training Employees to Recognise & Avoid Advanced Threats Training Employees to Recognise & Avoid Advanced Threats Joe Ferrara, President & CEO, Wombat Security Technologies Rashmi Knowles, Chief Security Architect EMEA, RSA The Security Division of EMC Session

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table

More information

SPEAR PHISHING AN ENTRY POINT FOR APTS

SPEAR PHISHING AN ENTRY POINT FOR APTS SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing

More information

Global Manufacturing Company Reduces Malware Infections by 46%

Global Manufacturing Company Reduces Malware Infections by 46% Global Manufacturing Company Reduces Malware Infections by 46% Wombat s Security Education Platform is changing behaviors, reducing infections, and lowering remediation costs The Challenge A large international

More information

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved State of the Web 2015: Vulnerability Report March 2015 Motivation In February 2015, security researchers http://www.isightpartners.com/2015/02/codoso/ reported that Forbes.com had been hacked. The duration

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

Be Prepared for Java Zero-day Attacks

Be Prepared for Java Zero-day Attacks Threat Report Be Prepared for Java Zero-day Attacks Malware Analysis: Malicious Codes spread via cloud-based data storage services December 19, 2013 Content Overview... 3 Distributing Malicious E-mails

More information

Anti-Phishing Best Practices for ISPs and Mailbox Providers

Anti-Phishing Best Practices for ISPs and Mailbox Providers Anti-Phishing Best Practices for ISPs and Mailbox Providers Version 2.01, June 2015 A document jointly produced by the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG) and the Anti-Phishing

More information

WHITE PAPER. The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks

WHITE PAPER. The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks WHITE PAPER The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks A Cyveillance Report October 2008 EXECUTIVE SUMMARY How much do phishing attacks really cost organizations?

More information

2010 Cyber-Security Trends

2010 Cyber-Security Trends 2010 Cyber-Security Trends & SECURITY-FOCUSED SOLUTIONS AN ICS IMPACT REPORT Information Security Trends 2008-2009 2008: 285 million records breached* Average cost per record: $202** 2009: Average cost

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

Conducting an Email Phishing Campaign

Conducting an Email Phishing Campaign Conducting an Email Phishing Campaign WMISACA/Lansing IIA Joint Seminar May 26, 2016 William J. Papanikolas, CISA, CFSA Sparrow Health System Estimated cost of cybercrime to the world economy in 2015 was

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

Web Protection for Your Business, Customers and Data

Web Protection for Your Business, Customers and Data WHITE PAPER: WEB PROTECTION FOR YOUR BUSINESS, CUSTOMERS............ AND.... DATA........................ Web Protection for Your Business, Customers and Data Who should read this paper For security decision

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

FireEye Advanced Threat Report 1H 2012

FireEye Advanced Threat Report 1H 2012 FireEye Advanced Threat Report 1H 2012 FireEye, Inc. FireEye Advanced Threat Report 1H 2012 1 Advanced Threat Report Contents Inside This Report 2 Executive Summary 2 Finding 1 3 Explosion in Advanced

More information

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves

More information

Email Compliance in 5 Steps

Email Compliance in 5 Steps Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential

More information

Cyber Security. Securing Your Mobile and Online Banking Transactions

Cyber Security. Securing Your Mobile and Online Banking Transactions Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

2009 Antispyware Coalition Public Workshop

2009 Antispyware Coalition Public Workshop 2009 Antispyware Coalition Public Workshop Jeffrey Fox Technology Editor, Consumer Reports Media contact: Lauren Hackett, 914-378-2561 Background For several years, Consumer Reports has been testing and

More information

Statistical Analysis of Internet Security Threats. Daniel G. James

Statistical Analysis of Internet Security Threats. Daniel G. James Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There

More information

Laura Royer, Extension Faculty, University of Florida/IFAS Osceola County Extension Services

Laura Royer, Extension Faculty, University of Florida/IFAS Osceola County Extension Services Consumer Choices: Computer Security Software Prepared by: Dave Palmer, Instructional Media Faculty, University of Florida/IFAS Extension, South Central Extension District Laura Royer, Extension Faculty,

More information

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc.

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Developing a Successful Security Awareness Training Program Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Agenda The human element of cyber security Building your case Building

More information

Unified Security, ATP and more

Unified Security, ATP and more SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users

More information

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

PROTECT YOUR COMPUTER AND YOUR PRIVACY! PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT Open Space Security Cyber-attacks are real. Today alone, Lab technology prevented nearly 3 million of them aimed at our customers worldwide.

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

Digital Consumer s Online Trends and Risks

Digital Consumer s Online Trends and Risks Digital Consumer s Online Trends and Risks Modern consumers live a full-scale digital life. Their virtual assets like personal photos and videos, work documents, passwords to access social networking and

More information

Norton 360. Benefits. Our ultimate protection, now even more so. Introducing the new Norton 360.

Norton 360. Benefits. Our ultimate protection, now even more so. Introducing the new Norton 360. Norton 360 Our ultimate protection, now even more so. Introducing the new Norton 360. Our ultimate Internet and antivirus protection for all you do online Provides proactive protection, so you can do what

More information

Quick Heal Exchange Protection 4.0

Quick Heal Exchange Protection 4.0 Quick Heal Exchange Protection 4.0 Customizable Spam Filter. Uninterrupted Antivirus Security. Product Highlights Built-in defense keeps your business communications and sensitive information secure from

More information

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

THREAT VISIBILITY & VULNERABILITY ASSESSMENT THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings

More information

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY An Inside Job Cyberthreats to your business are usually blamed on outsiders nefarious programmers writing malicious code designed to pilfer your

More information

White Paper - Crypto Virus. A guide to protecting your IT

White Paper - Crypto Virus. A guide to protecting your IT White Paper - Crypto Virus A guide to protecting your IT Contents What is Crypto Virus?... 3 How to protect yourself from Crypto Virus?... 3 Antivirus or Managed Agents... 3 Enhanced Email Services & Extra

More information

INTRODUCING isheriff CLOUD SECURITY

INTRODUCING isheriff CLOUD SECURITY INTRODUCING isheriff CLOUD SECURITY isheriff s cloud-based, multi-layered, threat protection service is the simplest and most cost effective way to protect your organization s data and devices from cyber-threats.

More information

Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks

Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks Improve Phishing Knowledge and Reduce Susceptibility to Attack Do you already have some form of

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

The Symantec Approach to Defeating Advanced Threats

The Symantec Approach to Defeating Advanced Threats WHITE PAPER: THE SYMANTEC APPROACH TO DEFEATING ADVANCED........... THREATS............................. The Symantec Approach to Defeating Advanced Threats Who should read this paper For security practioners

More information

REPORT FIREEYE ADVANCED THREAT REPORT 1H 2012 SECURITY REIMAGINED

REPORT FIREEYE ADVANCED THREAT REPORT 1H 2012 SECURITY REIMAGINED REPORT FIREEYE ADVANCED THREAT REPORT 1H 2012 SECURITY REIMAGINED CONTENTS Inside This Report...3 Executive Summary...3 Finding 1 Explosion in Advanced Malware Bypassing Traditional Signature-Based Defenses...4

More information

SIMULATED ATTACKS. Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru MEASURE ASSESS

SIMULATED ATTACKS. Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru MEASURE ASSESS SIMULATED ATTACKS Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru Technical safeguards like firewalls, antivirus software, and email filters are critical for defending your infrastructure,

More information

Integrating MSS, SEP and NGFW to catch targeted APTs

Integrating MSS, SEP and NGFW to catch targeted APTs #SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information

More information

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security White Paper Advantage FireEye Debunking the Myth of Sandbox Security White Paper Contents The Myth of Sandbox Security 3 Commercial sandbox evasion 3 Lack of multi-flow analysis and exploit detection 3

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS Learn more about Symantec security here OVERVIEW Data and communication protection isn t a problem limited to large enterprises. Small and

More information

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Stop advanced targeted attacks, identify high risk users and control Insider Threats TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these

More information

PRESENTED BY Ray Dalgarno. Empowering the Human Element within the Security Eco-system

PRESENTED BY Ray Dalgarno. Empowering the Human Element within the Security Eco-system PRESENTED BY Ray Dalgarno Empowering the Human Element within the Security Eco-system Agenda Phishing General Background Why Phish5 Phish5 Service - Features & Functionalities Q&A Live demonstration (post

More information

Managing Web Security in an Increasingly Challenging Threat Landscape

Managing Web Security in an Increasingly Challenging Threat Landscape Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

Global IT Security Risks: 2012

Global IT Security Risks: 2012 Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection

More information

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE: WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if

More information

In 2015, just under half (43%) of the world s population has an Internet connection: 3.2 billion people, compared to 2.9 billion in July 2014.

In 2015, just under half (43%) of the world s population has an Internet connection: 3.2 billion people, compared to 2.9 billion in July 2014. Contents Introduction... 1 Main findings... 2 Methodology... 3 Section 1. Device usage... 4 Section 2. Online and on the move: Internet activity... 6 Section 3. The connected treasure chest: what is stored

More information

Securing Cloud-Based Email

Securing Cloud-Based Email White Paper Securing Cloud-Based Email A Guide for Government Agencies White Paper Contents Executive Summary 3 Introduction 3 The Risks Posed to Agencies Running Email in the Cloud 4 How FireEye Secures

More information

Under the Hood of the IBM Threat Protection System

Under the Hood of the IBM Threat Protection System Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer

More information

Defending Against. Phishing Attacks

Defending Against. Phishing Attacks Defending Against Today s Targeted Phishing Attacks DeFending Against today s targeted phishing attacks 2 Introduction Is this email a phish or is it legitimate? That s the question that employees and

More information

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Getting Started with the iscan Online Data Breach Risk Intelligence Platform Getting Started with the iscan Online Data Breach Risk Intelligence Platform 2 Table of Contents Overview... 3 Data Breach Risk Intelligence... 3 Data Breach Prevention Lifecycle Defined... 3 Choosing

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

CYBER SECURITY THREAT REPORT Q1

CYBER SECURITY THREAT REPORT Q1 CYBER SECURITY THREAT REPORT Q1 Moving Forward Published by UMC IT Security April 2015 0 U.S. computer networks and databases are under daily cyber-attack by nation states, international crime organizations,

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

Are your people playing an effective role in your cyber resilience?

Are your people playing an effective role in your cyber resilience? Are your people playing an effective role in your cyber resilience? 01 Cyber attacks are now business as usual for organizations around the world. Organizations have typically trusted in technology to

More information

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS A Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS Even with today s breakthroughs in online communication, email is still one of the main ways that most

More information

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST Enabling user efficiency with a cloud-based email platform With productivity, revenues and reputation at stake, an

More information

Anti-exploit tools: The next wave of enterprise security

Anti-exploit tools: The next wave of enterprise security Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of

More information

State of Mobility Survey. France Results

State of Mobility Survey. France Results State of Mobility Survey France Results Methodology Survey performed by Applied Research 6,275 global organizations 43 countries NAM 2 LAM 14 EMEA 13 APJ 14 SMBs: Individuals in charge of computers Enterprises:

More information

2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security FINANCIAL SERVICES EDITION #2015InsiderThreat RESEARCH BRIEF US FINANCIAL SERVICES SPOTLIGHT ABOUT

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Insert Name Here Insert Title Here

Insert Name Here Insert Title Here Insert Name Here Insert Title Here 1 In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582 That s 1 Million 179 Thousand a day. 2 Founded: 1933 1 location 35 employees

More information

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY Mark Villinski @markvillinski Why do we have to educate employees about cybersecurity? 2014 Corporate Threats Survey 94% of business s suffered one

More information

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks White Paper Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks A Guide for CIOs, CFOs, and CISOs White Paper Contents The Problem 3 Why You Should Care 4 What You Can Do About It

More information

SPEAR-PHISHING ATTACKS

SPEAR-PHISHING ATTACKS SPEAR-PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM WHITE PAPER RECENTLY, THERE HAS BEEN A RAPID AND DRAMATIC SHIFT FROM BROAD SPAM ATTACKS TO TARGETED EMAIL-BASED-PHISHING CAMPAIGNS THAT

More information

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User

More information

Things To Do After You ve Been Hacked

Things To Do After You ve Been Hacked Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise

More information

BitDefender Client Security Workstation Security and Management

BitDefender Client Security Workstation Security and Management BitDefender Client Security Workstation Security and Management BitDefender Client Security is an easy to use business security and management solution, which delivers superior proactive protection from

More information

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select

More information

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets

More information

How to Identify Phishing E-Mails

How to Identify Phishing E-Mails How to Identify Phishing E-Mails How to recognize fraudulent emails and avoid being phished. Presented by : Miguel Fra, Falcon IT Services (miguel@falconitservices.com) http://www.falconitservices.com

More information

Cyber liability threats, trends and pointers for the future

Cyber liability threats, trends and pointers for the future Cyber liability threats, trends and pointers for the future Tim Smith Partner, BLM t: 020 7865 3313 e: tim.smith@blm-law.com February 2013 Cyber liability threats, trends and pointers for the future The

More information

INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT. October 2013. Sponsored by:

INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT. October 2013. Sponsored by: 2013 INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT & October 2013 & INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT: The Third Annual Survey on the Current State of and Trends in Information

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure. McAfee Endpoint Protection for SMB You grow your business. We keep it secure. Big Protection for Small to Medium-Sized Businesses With the Internet and connected devices now an integral part of your business,

More information

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013 2014 State of Endpoint Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Ponemon Institute Research Report 2014 State of Endpoint Risk Ponemon

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing Kaspersky Fraud Prevention platform: a comprehensive solution for secure Today s bank customers can perform most of their financial operations online. According to a global survey of Internet users conducted

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

The SMB Cyber Security Survival Guide

The SMB Cyber Security Survival Guide The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today

More information