New Era of ‘Mega Breaches’ Signals Bigger Payouts and Shifting Behavior for Cybercriminals
Thailand Ranked 28th Among Countries Globally on Internet Security Threat Activities
BANGKOK, Thailand– April 23, 2014 – After lurking in the shadows for the first ten months of 2013, cybercriminals unleashed the most damaging series of cyberattacks in history. Symantec Corp.’s (Nasdaq: SYMC) Internet Security Threat Report (ISTR), Volume 19, shows a significant shift in cybercriminal behavior, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.
“There has been a decline in Thailand’s cyber security threat profile, ranked 28th globally last year. A key observation is while the level of sophistication continues to grow among attackers, what was surprising was their willingness to be a lot more patient – waiting to strike until the reward is bigger and better,” said Pramut Sriwichian, Country Manager, Symantec Thailand.
In 2013, there was a 62 percent increase in the number of data breaches from the previous year, resulting in more than 552 million identities exposed – proving cybercrime remains a real and damaging threat to consumers and businesses alike.
“Security incidents, managed well, can actually enhance customer perceptions of a company; managed poorly, they can be devastating,” wrote Ed Ferrara, VP and principal analyst, Forrester Research. “If customers lose trust in a company because of the way the business handles personal data and privacy, they will easily take their business elsewhere.”
Defense is Harder than Offense
The size and scope of breaches is exploding, putting the trust and reputation of businesses at risk, and increasingly compromising consumers’ personal information – from credit card numbers and medical records to passwords and bank account details. Each of the eight top data breaches in 2013 resulted in the loss of tens of millions of data records. By comparison, 2012 only had a single data breach reach that threshold.
“The potential of huge paydays means large-scale attacks are here to stay. Do not expect cybercriminals to slow down but rather, they will be more innovative and efficient in their attacks, targeting Small and Medium Businesses with less than 500 employees, in particular the manufacturing, wholesale and professional services sectors in Thailand,” said Nopchai Tangtritham, Technical Director at Symantec Thailand.
“Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture,” Nopchai added.
Targeted attacks were up 91 percent and lasted an average of three times longer compared to 2012. Personal assistants and those working in public relations were the two most targeted professions – cybercriminals use them as a stepping stone toward higher-profile targets like celebrities or business executives.
How to Maintain Cyber Resiliency
While the increasing flow of data from smart devices, apps and other online services is tantalizing to cybercriminals, there are steps businesses and consumers can take to better protect themselves – whether it be from a mega data breach, targeted attack or common spam. Symantec recommends the following best practices:
– Know your data: Protection must focus on the information – not the device or data center. Understand where your sensitive data resides and where it is flowing to help identify the best policies and procedures to protect it.
– Educate employees: Provide guidance on information protection, including company policies and procedures for protecting sensitive data on personal and corporate devices.
– Implement a strong security posture: Strengthen your security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies.
– Be security savvy: Passwords are the keys to your kingdom. Use password management software to create strong, unique passwords for each site you visit and keep your devices – including smartphones – updated with the latest security software.
– Be vigilant: Review bank and credit card statements for irregularities, be cautious when handling unsolicited or unexpected emails and be wary of online offers that seem too good to be true – they usually are.
– Know who you work with: Familiarize yourself with policies from retailers and online services that may request your banking or personal information. As a best practice, visit the company’s official website directly (as opposed to clicking on an emailed link) if you must share sensitive information.
About the Internet Security Threat Report
The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.
Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company’s more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to \www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.
Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
 New Research: CISOs Need To Add Customer Obsession To Their Job Description, Ed Ferrara Forrester Research, Inc. Blog Post, March 2014