Website Security Advice from Symantec
Symantec has recently published its 2015 Website Security Threat Report. This comprehensive annual report compiles Internet threat data based on the findings of the Symantec™ Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. Rob Hoblit, Symantec’s Vice President of Trust Services Product Management, shared his thoughts on the report outcomes.
1. What does this year’s report tell us?
The Website Security Threat Report 2015 reminds us, once again, that cybercriminals are relentless, and they will continue to find more and more sophisticated ways to attack and exploit any security weaknesses. Fortunately, security technology also continues to advance, and Symantec has unrivaled insight into emerging threats that helps keep Namecheap customers a step ahead.
2. One of Namecheap’s primary goals is ensuring the online security and privacy of its customers. What’s the biggest security challenge facing businesses today?
The challenge today is to protect the Internet for everyone, from the online novice to the seasoned web surfer. This is becoming easier thanks to important milestones in website security technology. For example, EV SSL turns the browser bar green, indicating a safe site. So your users will know their browsing activity is secure, regardless of how much they know about web security. EV verification guidelines are drawn up by the CA/Browser Forum and require the CA to run a much more rigorous identity check on the organization or individual applying for the certificate, so EV SSL provides the highest visible display of online trust for Namecheap customers.
3. What concerns you most about the current landscape?
We’re keeping an eye on organized cybercrime. A drive-by download web toolkit, complete with updates and round-the-clock technical support, can now be rented from just $100 per week. DDoS attacks can be ordered against a site for between $10 and $1000 per day. Credit card details can be purchased for between $0.50 and $20 per card. And 1,000 followers on a social network can be bought for as little as $2. With a whole host of off-the-shelf products and services available, and even a choice of service providers, cybercriminal operations are increasingly capable of disguising themselves as legitimate industries. Faced with this growing level of infrastructure and organization, we strongly recommend that Namecheap’s business customers utilize the right website security technology, implement it properly, and maintain it correctly.
4. What’s the biggest single weakness in security today?
Unfortunately, the human element is the weakest link in the equation. It presents itself in two ways: Take the infamous Heartbleed bug of April 2014 that affected free-to-use OpenSSL software, along with 17% of SSL web servers. This isn’t a story about criminal genius; it’s about a failing in human-built OpenSSL software. The second example is the targeted attacks against organizations via spear-phishing email campaigns, which rose 8% in 2014. This shows that as security measures get harder to crack, criminals go after the soft target instead: the staff.
5. What’s the next big leap in security technology?
We’re taking SSL security to the next level, which is great news for Namecheap users. 2014 saw SSL certificate algorithms become stronger than ever. At Symantec, we moved from SHA-1 to SHA-2 as a default. We also now offer an option of the ECC algorithm. ECC-256-bit keys are a much stronger alternative to the industry-standard RSA algorithm and are 10,000 times harder to crack. What’s more, ECC also requires far less processing power on a website than RSA, and it can handle more users and more connections simultaneously. ECC is the next chapter in the exciting story of SSL.