WEBSITE SECURITY THREAT REPORT © 2015 Symantec, Inc. All rights reserved. Symantec, the Symantec logo, and other trademarks, service marks, and designs are registered trademarks of Symantec, Inc. in the United States and/or other countries. SPEAR-PHISHING SCAMMERS SHARPEN THEIR ATTACKS WITH CLEVER NEW TACTICS Attackers win your confidence with personalized, targeted emails Get the whole threat picture and learn more about how to protect yourself in Symantec’s new Website Security Threat Report Expect to be attacked. It’s not if, but when. Use strong, cloud-based filtering to identify and eliminate spear-phishing attacks 91% OF CYBERATTACKS START WITH A SPEAR-PHISHING EMAIL RISK RATIO OF SPEAR-PHISHING ATTACKS BY JOB ROLE SPEAR-PHISHERS TARGET EMPLOYEES WHO MAY BE UNAWARE OF WHAT A SUSPICIOUS EMAIL LOOKS LIKE THAT’S THE MEDIAN TIME-TO-FIRST-CLICK WHEN A SPEAR-PHISHING EMAIL LANDS IN AN INBOX ON A COMPANY NETWORK. * *VERIZON BREACH INVESTIGATIONS REPORT 2015 YOU NOW HAVE 80 SECONDS TO PROTECT YOUR COMPANY! 27 % 26 % MANAGER 19 % 13 % 11 % INDIVIDUAL CONTRIBUTOR 25 % INTERN DIRECTOR SUPPORT OTHER Attackers prowl for weaknesses in an internal network’s hostnames, IP addresses, and internal path names 80 sec 84% of spear phishing attacks target large enterprises* but attacks on medium-sized and small businesses are rising THE MOST COMMONLY USED SPEAR PHISHING WORDS Targeted attack campaigns rose by 8% Custom malware with crafted email messages evade security Many have malicious file attachments and many more include infected links in emails. Source : Symantec | .cloud.SRL 35 % 27 % 30 % 23 % 19 % 16 % 14 % 11 % 1IN 2.9 Individuals in Sales and Marketing job roles were the most targeted in 2014, with 1 in 2.9 of them being targeted at least once; this is equivalent to 35 percent of Sales and Marketing personnel. KEEP YOUR GUARD UP. DON’T MAKE IT EASY FOR CRIMINALS 23% of employees open phishing messages—11% actually click on malicious attachments! Implement Always-On SSL Educate your employees on what a spear phishing email looks like Change your passwords often SALES/MARKETING SALES/MARKETING 1IN 3.8 OPERATIONS OPERATIONS FINANCE R&D IT ENGINEERING HR & RECRUITMENT OTHER 1IN 3.3 FINANCE 1IN 4.4 R&D 1IN 5.4 IT 1IN 7.2 HR & RECRUITMENT 1IN 9.3 OTHER 1IN 6.4 ENGINEERING 2014 RISK RATIO 2014 RISK RATIO AS % RISK RATIO OF SPEAR-PHISHING ATTACKS BY JOB LEVEL Source : Symantec | .cloud.SRL Managers were the most frequently targeted level of seniority in 2014, with 1 in 3.8 of them being targeted at least once; this is equivalent to 26 percent of individ- uals at managerial level. 1IN 3.7 INDIVIDUAL CONTRIBUTOR 1IN 3.9 INTERN 2014 RISK RATIO 2014 RISK RATIO AS % 1IN 5.4 DIRECTOR 1IN 7.6 SUPPORT 1IN 9.3 OTHER * 2500+ EMPLOYEES 1IN 3.8 MANAGER