Symantec 2016 Internet Security Threat Report

Software giant Symantec, best known for its Norton AntiVirus, released a survey of the state of cyber security in 17 countries. According to the report, consumers lost $150 billion (USD) to cybercrime in the past year. Of that, $28.9 billion (USD) was lost in the United States. The majority of respondents worried that they would be a victim of online crime and think using public Wi-Fi is riskier than using a public restroom. Most respondents believed that their credit card was more vulnerable to online attacks than physical theft from a wallet or purse.

The respondent’s concerns are well founded. According to this 2016 Internet Security Threat Report, “Symantec discovered more than 430 million new unique pieces of malware in 2015, up 36 percent from the year before” and “a new zero-day vulnerability was found every week (on average) in 2015″. A zero-day vulnerability “refers to a hole in a software program that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero-day attack” (PC Tools). Four out of five zero-day vulnerabilities were in Adobe Flash. Symantec reports that in 2015 over half a billion personal records were stolen or lost, ransomware increased by 35%, and 429 million identities were exposed in breaches. On January 26th, 2016, an attack on Anthem Health Care exposed 78 million records. Attacks happen on businesses large and small. Symantec advises that the following security measures be implemented:

  • Even if they do not think you are an obvious target for cybercriminals, it does not mean you are immune.
  • On a personal level, this means remaining vigilant by:
    • Not opening emails from unknown senders
    • Looking for the padlock and checking the encryption certificate on any sites where you enter sensitive data
    • Not using unsecure networks when accessing sensitive data
  • For organizations to remain vigilant by:
    • Deploying email encryption where possible
    • Ensuring that email is scanned for malware, spam, and phishing
    • Using web security systems to block access to known phishing sites

Mobile vulnerabilities increased 214% in 2015 over the previous year. While Android phones remain the most vulnerable, attacks on iPhones are not impossible. XcodeGhost and YiSpecter were revealed not to require vulnerabilities, or to be jail-broken, in order to compromise an iOS device. Some attacks can come from a connection to a computer through a USB connection, while others originate in Google Play or the Apple Store. Symantec reports that Windows malware infected smartphones “by stealing browser cookies for Google Play sessions from the infected desktop computer and using these stolen cookies (essentially the users’ credentials), impersonating the user to remotely install apps onto the victims’ phones”. Google users should be aware of a vulnerability in Google’s password reset.

Symantec recommends the following security precautions to protect your mobile device:

  • Treat mobile devices like the small, powerful computers that they are and protect them accordingly
  • Access control, including biometrics where possible.
  • Data loss prevention, such as on-device encryption.
  • Automated device backup.
  • Remote find and wipe tools, in the event of a lost device.
  • Regular updating. For example, the latest version of Android, codenamed Marshmallow (version 6.0), was launched in October and includes a number of features designed specifically to thwart attackers. According to Statista, in October 2015, KitKat (version 4.4) was still the most widely used version of Android at 38.9 percent, and Lollipop (version 5.0) accounted for 15.6 percent.
  • Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources.
  • Don’t jailbreak devices. Jailbroken devices are often more susceptible to security issues.
  • Pay particular attention to permissions requested by an app.
  • Update apps as often as possible, or if a suspicious app is identified, delete it and wait for a new version to be made available.
  • Change your Apple ID password, or your Google Play password, if you suspect your account has been compromised. This advice extends to safeguarding account credentials on any third-party app store.
  • Watch out for any suspicious emails or push notifications to your device asking for your credentials, or any other personally identifying information.
  • Until a patch is applied, proceed cautiously when using your mobile browser to preview unsolicited audio and video files.
  • Android users are advised to apply any security updates issued by their carrier or device manufacturer as they become available.
  • Additional mobile security solutions can also help safeguard against malicious software, and enterprises should consider mobility management tools that can help secure and control mobile devices within an organization.

Being the victim of cyber crime is no cake walk. On average, consumers lost 21 hours dealing with the impact of cyber crimes. Be smart and save yourself time and frustration.