6 things that could kill trust in your website
DESCRIPTION
What do your website customers see when they get to your site: a trusted brand or a potential source of malware? We detail 6 website trust issues and let you know how you can solve them.TRANSCRIPT
Make Trust an Asset to Your Online Business 1
Make Trust an Asset to Your Online BusinessSix things that can kill your website
Andrew HorburyProduct Marketing Manager - Symantec
Todays agenda• Online threats – numbers and attack vectors• Six things and recommendations
1. Malware
2. Malvertising
3. Search Engine Blacklisting
4. Security Warnings
5. Phishing
6. Consumer Security Concerns
• More information
2Make Trust an Asset to Your Online Business
Website Security: Six things that can kill your website and how to stop them
Make Trust an Asset to Your Online Business 3
Your website is your shop front, your brand on display and an essential sales and marketing tool.
4
But before that…
THEBIGNUMBERS
69 million
attack sensors make up the Symantec Global Intelligence Network.
Make Trust an Asset to Your Online Business 5
Headline stats
Make Trust an Asset to Your Online Business 6
247,350 web attacks blocked per day
5,291 New Vulnerabilities identified
23% of email contains malware
53% of scanned websites have unpatched vulnerabilities
24 Million identities lost in one breach in Jan 2012
1 in 414 emails is a phishing email
1 in 291 emails contains a virus69% of all email is SPAM
Source: Symantec ISTR http://www.symantec.com/threatreport/
2012 trends: Small Business under attack• Small businesses are the path of
least resistance for attackers• Small businesses believe they are
immune to attacks targeted at them– Even worse, the lack of adequate
security practices by small businesses threatens all of us
• Small businesses are more numerous than enterprises, have valuable data, and are often less well-protected than larger companies
• Small businesses often used as spring boards into larger companies– The websites of small businesses and
organisations are in many cases being used in targeted attacks
Make Trust an Asset to Your Online Business 7
6 threatsMake Trust an Asset to Your Online Business 8
1. Website malware• Webservers can be attacked by malware just like desktop PCs• In 2012, Symantec’s technology scanned over 1.5 million
websites as part of our Website Malware Scanning and Vulnerability Assessment:– Over 130,000 URLs were scanned for malware each day, with 1 in 532 of
websites found to be infected with malware
• Over 1,400 vulnerability scans were performed each day– 53% of websites scanned were found to have unpatched, potentially
exploitable vulnerabilities, of which 24% were deemed to be critical
– The most common vulnerability? Cross-site scripting.
Make Trust an Asset to Your Online Business 9
61%of identified malicious sites are regular websites
Make Trust an Asset to Your Online Business 10
How do criminals break into a website in the first place?• Criminals buy ready-made malware, such as the Sakura toolkit,
which is then installed on someone else’s website. It scans visitors’ computers for known vulnerabilities and picks the most effective exploit to infect them.
Make Trust an Asset to Your Online Business 11
Recommendations:• Keep your website server software up
to date • Control access to key systems – use
strong password, determine who needs access
• Scan your site for malware and vunerabilities.
5,291vulnerabilities reported in 2012
Make Trust an Asset to Your Online Business 12
2. Malvertising• What is Malvertising?
– Malvertising (“Malicious Advertising’) is the use of online advertising to spread malware.
Make Trust an Asset to Your Online Business 13
In 2012, drive-by Web attacks increased by one third, possibly driven by malvertising.
Recommendations:• Use reputable advertising networks.• Where possible, limit adverts’ ability to run code (e.g. use static images or plain text).• Consider a Malvertising scanning tool. Symantec AdVantage, a cloud-hosted tool designed to
block malvertising with real-time monitoring and the ability to trace malware back to its source.
Nothing says don’t visit my site like
Make Trust an Asset to Your Online Business 14
3. Search engine blacklisting• Search engines block upwards
of 6,000 sites each day• Blacklisting can have a
devastating effect on your site traffic and your brand reputation
Recommendations:• Protect your site against
malvertising and malware• Avoid dubious search engine
optimisation techniques• Sign up for Google and Bing
webmaster tools to get email warnings if your site is blacklisted.
Make Trust an Asset to Your Online Business 15
247,350Web attacks blocked per day
Make Trust an Asset to Your Online Business 16
4. Security warnings and expired certificates• Imagine you’re ready to
buy, but as you click on the checkout button, your browser gives you a security warning because of an out of date SSL certificate.
What now?– Shop elsewhere never to
return…
Make Trust an Asset to Your Online Business 17
Security warnings and Expired certificates
Make Trust an Asset to Your Online Business 18
Recommendations:• Audit your certificates so you know what you have, who
supplies them and when they expire• Consolidate certificates under a single management
umbrella• Set up alerts and diary notes to remind you in good time
before certificates expire.
5. Brand impersonation (phishing)
Make Trust an Asset to Your Online Business 19
Criminals use well-known names and brands to trick people into disclosing confidential information or installing malware.
79% of companies experienced one or more Web-borne attacks in 2012, and 55 percent were affected by phishing attacks.**Webroot/Qualittics Research 2012
Phishing
Recommendations:• Use Extended Validation SSL Certificates to authenticate your
site and reassure customers that they are not using a phishing site
• Consider implementing Always-on SSL which provides a visible reassurance that a user’s interaction with your site is secure and encrypted from start to finish.
Make Trust an Asset to Your Online Business 20
6. Customer security concerns
Make Trust an Asset to Your Online Business 21
First Impressions
First Impressions are often the only impressionsOn average, a visitor to your website will spend a maximum of 10-20 seconds on any one page.
Make Trust an Asset to Your Online Business 22
Make Trust an Asset to Your Online Business 25
Recommendations:• You ARE trustworthy so make it
obvious• Display a visible sign of your
websites security• Consider Always on SSL• Communicate your added value
• Reduce clutter on your site
750million times a day
Number of times per day the Norton Secured Seal is viewed
Make Trust an Asset to Your Online Business 26
Key takeaways
You will be targeted take precautions• Scan for malware• Look for vulnerabilities
Demonstrate trust – it really adds value
Then finally…MAKE YOUR SITE THE BEST IT CAN BE, TEST AND RETEST, GO BEYOND THE SITE, REDUCE THE CLUTTER, BE THERE TO HELP, ESTABLISH & DEMONTRATE TRUSTMake Trust an Asset to Your Online Business 2
7
Linkage
28
How Long Do Users Stay on Web Pages: http://www.nngroup.com/articles/how-long-do-users-stay-on-web-pages/
Slow Loading: http://www.nytimes.com/2012/03/01/technology/impatient-web-users-flee-slow-loading-sites.html?pagewanted=all&_r=1&
Checkout Challenges: http://econsultancy.com/uk/blog/11297-effective-ecommerce-tackling-the-checkout-challenge
XSS Cross Site Scripting: http://vimeo.com/9765188
Always be testing: http://www.amazon.co.uk/Always-Testing-Complete-Website-Optimizer/dp/0470290633/ref=sr_1_3?ie=UTF8&qid=1359999021&sr=8-3
Which Site Seal do People Trust the Most? (2013 Survey Results): http://baymard.com/blog/site-seal-trust
Make Trust an Asset to Your Online Business
24:31Make Trust an Asset to Your Online Business 2
9
Learn More
30
Web http://www.symantec.com/en/au/ssl-certificates
Follow us @NortonSecured
Like us fb.me/SymantecWebsiteSecuritySolutions
Read our blog symantec.com/connect/blogs/website-security-solutions
See our latest tips https://www.staysecureonline.com
ISTR http://www.symantec.com/threatreport/http://www.symantec.com/threatreport/quarterly.jsp
Whitepapers Symantec-wss.com
Make Trust an Asset to Your Online Business