Tag Archives: Symantec

Insightful Data Breach Survey

A recent report by the Ponemon Institute and Symantec found that data breaches cost enterprises $126 per lost record.

“Five years ago when we started reporting on data breaches in the UK, data breaches were a pretty nebulous concept,” stated Larry Ponemon, the institute’s founder.

The study was conducted across 36 UK companies with data losses ranging from 3,500 to 78,000 records.

The average cost of a data breach was found to be $5.5 million in 2011. This is down from an average of $7.2 million in 2010.

“Nearly shocking to me, the cost of data breach declined,” stated Ponemon.

The most expensive type of breach was found to be criminal. In addition, the occurrence of such breaches has risen by 2% within the last year.

Ponemon has been conducting such studies for 7 years. The system used is an activity-based costing model developed by Professor Robert S. Kaplan.

The model takes a number of things into account, including investigative activities, communications, consulting, legal work and efforts to maintain customer trust. These elements are combined to assess the overall cost of a data breach.

Interestingly, the report found that organisations which notified customers of data breaches too quickly, without fully assessing the situation, were forced to pay an extra $33 per lost item.

In addition, organisations with a Chief Information Security Officer taking overall data responsibility saved $80 per lost record.

Data breaches were largely (33%) found to be due to negligent employees or contractors. Last year hacking was the number one cause.

This is positive news; however, it is essential that organisations continue to focus on policies which address malicious hacks.

Cyber Attacks Traced to China

The security company Symantec has revealed that at least 29 firms in the chemicals industry have been targeted by a series of cyber-attacks which have been traced back to China. Symantec has also revealed that it has evidence that another 19 companies, including defence specialists, have been affected.

It is believed that the attacks took place from late July and lasted until mid-September. Symantec’s report revealed that at least 12 companies in the US, five in the UK and two in Denmark have been affected by the attacks. The names of the companies that are thought to have been affected have not been disclosed, but the report did reveal that companies ranked within the Fortune 100 had been targeted. It was also recognised that several of the firms targeted are involved in developing materials for military vehicles.

Symantec believe that the campaign was focused on obtaining intellectual property such as formulas and design processes.

The US company Dow Chemicals has confirmed that they have been a target as staff received “unusual emails.” A spokesman for the company added “Dow engaged internal and external response teams, including law enforcement, to address the situation. As a result, we have no reason to believe our operations were compromised.”

Symantec have confirmed that workers at the organisations were sent emails asking them to open attachments. In some cases, the hackers attempted to deceive workers by claiming that the attachment contained important security updates or that it was an invitation from business partners.

Those who opened the attachment ended up installing a Trojan horse (a piece of malicious code) which enabled hackers to obtain details of the targets’ computer networks. Once the Trojan was installed, the attackers used the information to locate and copy files to another part of the targets’ system. Once the desired files had been copied, the attackers could then begin extracting the data with the company being none the wiser.

The Trojan used has been identified as PoisonIvy, which was developed by a Chinese speaker. Symantec have traced the attacks back to a “20-something male located in the Hebei region of China” who funnelled the process through a US computer server.

When Symantec contacted the potential hacker and prompted him to leave them contact details, he replied with details for someone who would “perform hacking for hire”. The only problem is that the company couldn’t determine whether this was the same person who had been involved in the attacks.

With the number of cyber-attacks increasing, Symantec’s chief technology officer, Greg Day, stated “This is unfortunately becoming a new normal behaviour. We had at least a decade of cybercrime which generally targeted anybody. Then we had the emergence of very skilled techniques involving a lot of time and effort to target global organisations. What we have now is almost the commercialisation of those techniques, using elements such as advanced persistent threats to pursue espionage and intellectual property theft, whether that is for their own gain or resale.”

With the number of cyber-attacks set to increase, employees need to remain vigilant and cautious when, as in this case, they receive suspicious emails. Attachments should only be opened if the user knows that they have come from a trusted source, as opening attachments from untrustworthy sources can result in sensitive data being compromised.

Roaming Security Issues

Workers today are roaming all over the place and using a huge number of devices, including tablets, smart phones, netbooks and laptops.

“We cease to respect the boundaries of a single machine,” according to SAP’s head of product architecture and technology strategy, Sethu Meenakshisundaram.

The days when desktops were static, with a data centre residing in the background running all applications and protected by a firewall, are behind us.

Data access can be tightly controlled when the enterprise owns and controls everything across a single machine or even multiple machines. In such a situation security, authentication and device management are all relatively straightforward.

However, when multiple devices are digging into an organisation’s data centre, new levels of security are required. It is not feasible to simply transfer the current desktop model to modern infrastructures.

Symantec is working to deliver specific applications and information to all devices with appropriate levels of encryption.

Ken Schneider at Symantec pointed out the other issue which is that “employees have lots of different credentials spread around – and if they leave the company it may take a long time to get these deprovisioned.”


Asia Unprepared For Disaster: Symantec reveal SMBs in Asia have no DR

Studies have indicated that SMBs (small and medium-sized businesses) in the Asia-Pacific region are simply not prepared enough to deal with IT disasters, as only 48% of companies have Disaster Recovery procedures in place.

Symantec found that 12% of Asia Pacific SMBs had no form of DR plan whatsoever and 44% of these did not consider computer systems critical to their business. A further 28% stated that disaster preparedness was not a top priority.

Such a lack of preparation is surprising considering the typical SMB experienced 5 outages within the last 12 months. The leading causes of this were cyber attacks, power outages, upgrades and employee errors.

The data at the heart of such SMBs is simply not protected. Less than half of all SMBs back up their data weekly and only 21% back up daily. Forty-five percent of businesses said that they would lose at least 40% of their data in the event of a disaster, and it is estimated that such an outage would cost their customers up to $45,000 per day. This is one of the main issues: a disaster affects not only the vendor directly, but also their end clients.

The survey revealed that most businesses are not making disaster recovery a main priority until they experience some form of significant data loss. Fifty-four percent of businesses which have put some form of implementation in place have done so in the last six months. However only 28% of companies have actually tried and tested their disaster recovery procedures, which is critical to being prepared.

Findings also reveal that the cost of being unprepared is huge, placing an SMB under real risk of going out of business. The survey revealed that in addition to costing hundreds of thousands of dollars, any downtime often causes customers to take their business elsewhere.

“Disasters are unpredictable and can happen due to natural causes, human errors or IT systems failures. SMBs which handle sensitive data such as customer records, credit card details or personal files, cannot afford to risk data loss incidents,” said David Dzienciol, Symantec’s vice president for SMB and Channels, Asia Pacific and Japan.

“The research shows that SMBs still haven’t recognised the tremendous impact of a disaster. Simple planning can enable SMBs to protect their information in the event of a disaster, which in turn will help them build trust with their customers.”

In India, for instance, it is thought that SMBs have yet to recognise the huge impact which disaster can have, according to Vineet Sood, the head of channels and alliances at Symantec India.

SMBs must act quickly to put Disaster Recovery Procedures in place and ensure that data is secure, in any eventuality.

Twitter tuition suggested to minimise risks to businesses

The expansion of microblogging site Twitter has meant that millions of people around the world use it, often at work. Like any online trend, malicious groups are attempting to exploit its popularity, and security firm Symantec is warning that this could put businesses at risk as employees tweet from work and risk unintentional infection of IT systems from spammers and cybercriminals.

The way to best solve the problem is not to block Twitter but instead to instruct employees on how it can be used safely, according to Symantec.

The most common way to exploit Twitter users and get them to visit malicious sites is to piggyback on a trending topic, cut out the relevant shortened link and replace it with a similarly shortened link that, instead, sends those who click it to a site which could damage systems, breach security and steal data.

Symantec’s Candid Wueest said that many Twitter users were unable to differentiate between safe links and those which could be potentially harmful. Wueest pointed out that even when ostensibly reputable websites were the subject of a link, it was possible for the criminals to have hijacked the address and therefore spread viruses and malware in relative secret.

Wueest said that one option to combat the threat from Twitter is to keep up-to-date security software on all work computers, although this is not the only remedy for the problem.

The operators of Twitter itself are also working to limit the impact of malicious links if not eradicate them completely, by allowing users the chance to expand shortened links before they visit them in order to check up on their veracity. The doubling up of URL shorteners might potentially bypass this technique, but Twitter is hoping to overcome any of these basic circumventions that criminals will attempt.
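The link-expansion check described above, and why a doubled-up shortener defeats a single-hop expansion, sketched as an added example (not code from the original article, Twitter or Symantec). The shortener hostnames, the redirect table and the function names are constructed for illustration; a real deployment would replace the table lookup with a request that reads the redirect target without following it.

```python
from urllib.parse import urlsplit

# Constructed sample data: hostnames and redirect targets are made up.
SHORTENERS = {"sho.rt.example", "tiny.example"}
REDIRECTS = {
    "http://sho.rt.example/a1": "http://news.example/story",
    "http://sho.rt.example/b2": "http://tiny.example/zz",    # doubled up
    "http://tiny.example/zz": "http://landing.example/download",
    "http://tiny.example/loop": "http://sho.rt.example/loop",
    "http://sho.rt.example/loop": "http://tiny.example/loop",
}


def is_shortener(url):
    """True when the URL's host is a known link-shortening service."""
    return (urlsplit(url).hostname or "").lower() in SHORTENERS


def expand(url, lookup=REDIRECTS.get, max_hops=5):
    """Expand a link until it leaves all known shorteners.

    Returns (final_url or None, chain, flags). A single-hop expansion would
    stop at chain[1], which for a doubled-up link is still a shortener.
    """
    chain, flags, seen = [url], [], {url}
    while is_shortener(chain[-1]):
        if len(chain) > max_hops:
            flags.append("too-many-hops")
            return None, chain, flags
        nxt = lookup(chain[-1])          # hypothetical resolver hook
        if nxt is None:
            flags.append("unresolved")
            return None, chain, flags
        if nxt in seen:
            flags.append("loop")
            return None, chain, flags
        if is_shortener(nxt) and "nested-shortener" not in flags:
            flags.append("nested-shortener")
        seen.add(nxt)
        chain.append(nxt)
    return chain[-1], chain, flags


if __name__ == "__main__":
    for link in ("http://sho.rt.example/a1", "http://sho.rt.example/b2",
                 "http://tiny.example/loop"):
        print(link, "->", expand(link))
```

A `None` result or a `nested-shortener` flag is the signal to show the user the full chain, or to block the link, rather than the first expanded hop.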

URL shortening has become prevalent in spam of all kinds, with around 18 per cent of malicious emails sent this year containing a shortened link, which is twice as many as in the previous year according to Symantec.

Remote working encourages bad browsing habits, experts claim

IT vendor Symantec has expressed concerns over the way in which people working from home or whilst out and about are more likely to diverge from company policy on security and website access regulations.

In a survey published by Symantec it was found that 35 per cent of an average workforce would be more comfortable attempting to access a restricted website while out of the office than in it. This is based on statistics gleaned from real usage of Symantec’s hosting service.

Symantec’s Paul Wood said that those who work in an office for the majority of the time but then occasionally are required to work remotely are the group most likely to cause security problems due to contravention of browsing rules.

Mr Wood explained that by being taken out of the office environment some workers automatically turn to their leisure time browsing habits and put on hold the surfing security regulations which are enforced by many businesses.

Mr Wood identifies online gambling, social networking and mature adult sites as three of the most common misuses of browsing while workers are operating on a remote basis. He said that this results in a loss of productivity and leaves firms open to security breaches and infection from malware.

By allowing unchecked access to inappropriate sites whilst employees are working from home, it is believed that the threat from data loss, malware attack or hacking is greatly increased, because over a fifth of the malware intercepted this month has been entirely new, which is up by almost nine per cent on figures for August.

The sudden spike in malware activity and the prevalence of successful malware campaigns which exploit simple social engineering tricks is putting businesses in a compromising position, particularly when employees are allowed remote access to systems while browsing unsupervised.

Symantec notes that although there was an increase in new malware this month, in real terms the number of emails sent out with phishing links onboard actually fell by 13 per cent.
