Tarun Kaura, Director –Solution Product Management for Asia Pacific and Japan, Symantec, addresses a media roundtable in Bangalore, April 21 2016 ( Photo: IndiaTechOnline)
Symantec Net security survey suggests: Jagte Raho!

Bangalore,  April 22, 2016: The annual Internet Security Threat Report (ISTR), Volume 21 brought out by  Symantec,  highlights  some alarming facts  about India's place in the global statistics of  vulnerability.
Some key findings: 

  • In 2015, Indian organizations were the 6th most targeted in Asia, with targeted organizations on the receiving end of two attacks on an average.
  • India witnessed a 156 percent increase in the percentage of social media scams. Every sixth scam impacted an Indian, making it the most targeted country in Asia and second in the world. A whopping 94 percent of these scams were spread through manual sharing, proving India’s burgeoning social media population remains a favored target of scammers.
  • After ranking 6th in 2014, India now ranks 18th as a source of spam
  • November,  possibly because of the holiday season, was the busiest month for cybercriminals in India and across the globe, with an average of 2.5 targeted attacks per day being aimed at Indian enterprises in the month.
  • Only 30 percent of targeted attacks were on large enterprises (down from 60 percent in 2014), they were six times more likely to be targeted at least once a year compared to small businesses
  • Mining was the highest risk prone sector, where one out of two companies was attacked at least once last year. 40 percent of BFSI businesses were also attacked at least once.

And globally:

  • Ransomware also continued to evolve in 2015. The more aggressive crypto-ransomware attack that encrypts all of a victim’s digital content and holds it hostage until a ransom is paid, grew by 35 percent globally. This year, ransomware spread beyond PCs to smart phones, Mac and Linux systems, with attackers increasingly seeking any network-connected device that could be held hostage for profit, indicating that the enterprise is the next target.
  • Don’t Call Us, We’ll Call You: Cyber Scammers Now Make You Call Them to Hand Over Your Cash: As people conduct more of their lives online, attackers are increasingly focused on using the intersection of the physical and digital world to their advantage. In 2015, cybercriminals revisited fake technical support scams, which saw a 200 percent increase globally. With close to 5, 00,000 attacks last year, India ranked 11 amongst countries targeted the most by tech support scams. The difference now is that scammers send fake warning messages to devices like smartphones to prompt people to call attackers directly in order to dupe them into buying useless services or even install malware.

“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” says Tarun Kaura, Director –Solution Product Management for Asia Pacific and Japan, Symantec. “We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”

Symantec suggestions  for Businesses:

  • Don’t get caught flat-footed: Use advanced threat and adversary intelligence solutions to help you find indicators of compromise and respond faster to incidents. 
  • Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
  • Prepare for the worst: Incident management ensures your security framework is optimized, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.|·       Provide ongoing education and training: Establish simulation-based training for all employees as well guidelines and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.

For Consumers:

  • Use strong passwords: Use strong and unique passwords for your accounts. Change your passwords every three months and never reuse your passwords. Additionally, consider using a password manager to further protect your information.
  • Think before you click: Opening the wrong attachment can introduce malware to your system. Never view, open, or copy email attachments unless you are expecting the email and trust the sender.
  • Protect yourself: An ounce of protection is worth a pound of cure. Use an internet security solution that includes antivirus, firewalls, browser protection and proven protection from online threats.
  • Be wary of scareware tactics: Versions of software that claim to be free, cracked or pirated can expose you to malware. Social engineering and ransomware attacks will attempt to trick you into thinking your computer is infected and get you to buy useless software or pay money directly to have it removed.
  • Safeguard your personal data: The information you share online puts you at risk for social engineered attacks. Limit the amount of personal information you share on social networks and online, including login information, birth dates and pet names.