6 things that could kill trust in your website

Make Trust an Asset to Your Online Business 1

Make Trust an Asset to Your Online BusinessSix things that can kill your website

Andrew HorburyProduct Marketing Manager - Symantec

Todays agenda• Online threats – numbers and attack vectors• Six things and recommendations

1. Malware

2. Malvertising

3. Search Engine Blacklisting

4. Security Warnings

5. Phishing

6. Consumer Security Concerns

• More information

2Make Trust an Asset to Your Online Business

Website Security: Six things that can kill your website and how to stop them


Your website is your shop front, your brand on display and an essential sales and marketing tool.

4

But before that…

THEBIGNUMBERS

69 million

attack sensors make up the Symantec Global Intelligence Network.


Headline stats


247,350 web attacks blocked per day

5,291 New Vulnerabilities identified

23% of email contains malware

53% of scanned websites have unpatched vulnerabilities

24 Million identities lost in one breach in Jan 2012

1 in 414 emails is a phishing email

1 in 291 emails contains a virus69% of all email is SPAM

Source: Symantec ISTR http://www.symantec.com/threatreport/

http://www.symantec.com/threatreport/

2012 trends: Small Business under attack• Small businesses are the path of

least resistance for attackers• Small businesses believe they are

immune to attacks targeted at them– Even worse, the lack of adequate

security practices by small businesses threatens all of us

• Small businesses are more numerous than enterprises, have valuable data, and are often less well-protected than larger companies

• Small businesses often used as spring boards into larger companies– The websites of small businesses and

organisations are in many cases being used in targeted attacks


6 threatsMake Trust an Asset to Your Online Business 8

1. Website malware• Webservers can be attacked by malware just like desktop PCs• In 2012, Symantec’s technology scanned over 1.5 million

websites as part of our Website Malware Scanning and Vulnerability Assessment:– Over 130,000 URLs were scanned for malware each day, with 1 in 532 of

websites found to be infected with malware

• Over 1,400 vulnerability scans were performed each day– 53% of websites scanned were found to have unpatched, potentially

exploitable vulnerabilities, of which 24% were deemed to be critical

– The most common vulnerability? Cross-site scripting.


61%of identified malicious sites are regular websites


How do criminals break into a website in the first place?• Criminals buy ready-made malware, such as the Sakura toolkit,

which is then installed on someone else’s website. It scans visitors’ computers for known vulnerabilities and picks the most effective exploit to infect them.


Recommendations:• Keep your website server software up

to date • Control access to key systems – use

strong password, determine who needs access

• Scan your site for malware and vunerabilities.

5,291vulnerabilities reported in 2012


2. Malvertising• What is Malvertising?

– Malvertising (“Malicious Advertising’) is the use of online advertising to spread malware.


In 2012, drive-by Web attacks increased by one third, possibly driven by malvertising.

Recommendations:• Use reputable advertising networks.• Where possible, limit adverts’ ability to run code (e.g. use static images or plain text).• Consider a Malvertising scanning tool. Symantec AdVantage, a cloud-hosted tool designed to

block malvertising with real-time monitoring and the ability to trace malware back to its source.

Nothing says don’t visit my site like


3. Search engine blacklisting• Search engines block upwards

of 6,000 sites each day• Blacklisting can have a

devastating effect on your site traffic and your brand reputation

Recommendations:• Protect your site against

malvertising and malware• Avoid dubious search engine

optimisation techniques• Sign up for Google and Bing

webmaster tools to get email warnings if your site is blacklisted.


247,350Web attacks blocked per day


4. Security warnings and expired certificates• Imagine you’re ready to

buy, but as you click on the checkout button, your browser gives you a security warning because of an out of date SSL certificate.

What now?– Shop elsewhere never to

return…


Security warnings and Expired certificates


Recommendations:• Audit your certificates so you know what you have, who

supplies them and when they expire• Consolidate certificates under a single management

umbrella• Set up alerts and diary notes to remind you in good time

before certificates expire.

5. Brand impersonation (phishing)


Criminals use well-known names and brands to trick people into disclosing confidential information or installing malware.

79% of companies experienced one or more Web-borne attacks in 2012, and 55 percent were affected by phishing attacks.**Webroot/Qualittics Research 2012

Phishing

Recommendations:• Use Extended Validation SSL Certificates to authenticate your

site and reassure customers that they are not using a phishing site

• Consider implementing Always-on SSL which provides a visible reassurance that a user’s interaction with your site is secure and encrypted from start to finish.


6. Customer security concerns


First Impressions

First Impressions are often the only impressionsOn average, a visitor to your website will spend a maximum of 10-20 seconds on any one page.



Recommendations:• You ARE trustworthy so make it

obvious• Display a visible sign of your

websites security• Consider Always on SSL• Communicate your added value

• Reduce clutter on your site

750million times a day

Number of times per day the Norton Secured Seal is viewed


Key takeaways

You will be targeted take precautions• Scan for malware• Look for vulnerabilities

Demonstrate trust – it really adds value

Then finally…MAKE YOUR SITE THE BEST IT CAN BE, TEST AND RETEST, GO BEYOND THE SITE, REDUCE THE CLUTTER, BE THERE TO HELP, ESTABLISH & DEMONTRATE TRUSTMake Trust an Asset to Your Online Business 2

7

Linkage

28

How Long Do Users Stay on Web Pages: http://www.nngroup.com/articles/how-long-do-users-stay-on-web-pages/

Slow Loading: http://www.nytimes.com/2012/03/01/technology/impatient-web-users-flee-slow-loading-sites.html?pagewanted=all&_r=1&

Checkout Challenges: http://econsultancy.com/uk/blog/11297-effective-ecommerce-tackling-the-checkout-challenge

XSS Cross Site Scripting: http://vimeo.com/9765188

Always be testing: http://www.amazon.co.uk/Always-Testing-Complete-Website-Optimizer/dp/0470290633/ref=sr_1_3?ie=UTF8&qid=1359999021&sr=8-3

Which Site Seal do People Trust the Most? (2013 Survey Results): http://baymard.com/blog/site-seal-trust

Make Trust an Asset to Your Online Business

http://www.nngroup.com/articles/how-long-do-users-stay-on-web-pages/



http://www.nytimes.com/2012/03/01/technology/impatient-web-users-flee-slow-loading-sites.html?pagewanted=all&_r=1&




http://econsultancy.com/uk/blog/11297-effective-ecommerce-tackling-the-checkout-challenge

http://econsultancy.com/uk/blog/11297-effective-ecommerce-tackling-the-checkout-challenge

http://vimeo.com/9765188

http://vimeo.com/9765188

http://www.amazon.co.uk/Always-Testing-Complete-Website-Optimizer/dp/0470290633/ref=sr_1_3?ie=UTF8&qid=1359999021&sr=8-3




http://baymard.com/blog/site-seal-trust

http://baymard.com/blog/site-seal-trust

24:31Make Trust an Asset to Your Online Business 2

9

Learn More

30

Web http://www.symantec.com/en/au/ssl-certificates

Follow us @NortonSecured

Like us fb.me/SymantecWebsiteSecuritySolutions

Read our blog symantec.com/connect/blogs/website-security-solutions

See our latest tips https://www.staysecureonline.com

ISTR http://www.symantec.com/threatreport/http://www.symantec.com/threatreport/quarterly.jsp

Whitepapers Symantec-wss.com


31

Thank you!Andrew Horbury

[email protected]
