Ominous 2016 web security stats show the need for vigilance

Security firm Symantec’s 2016 Internet Security Threat Report has revealed some startlingly ominous statistics about the increased threat faced by businesses with websites and online applications. Although it’s grim reading, it makes it absolutely clear that webmasters need to be vigilant and thoroughly proactive when it comes to security. If you feel you may have been a little complacent in the past, the points below might just make you a little more cautious.

125% increase in zero-day vulnerabilities

For those who aren’t familiar with the term, a zero-day vulnerability is a security hole in software that its developer does not know about. When this happens, the software can be hacked before the developers become aware of the flaw, leaving it open to mass exploitation before a patch can be created to fix it.

These types of vulnerability are extremely dangerous, as hackers have the potential to do untold damage to millions of users before the vulnerability comes to light. In 2015, 54 zero-day vulnerabilities were discovered, a 125% increase on 2014. With a new zero-day security hole appearing every week, hackers are having a field day: once a developer has created a patch, they can simply move on to the next piece of vulnerable software.

According to Symantec, the two most vulnerable pieces of software in 2015 were Internet Explorer and Adobe Flash, both of which are used by many millions of businesses and private individuals. Aside from uninstalling the software, there is nothing a user can do to protect themselves until a patch is created. Once a patch is released, it is essential that the update is applied without delay.

Huge increase in loss of personal data

For those companies that have been complacent about their compliance, the figures revealed in the 2016 report show an ever-increasing need to remain vigilant about the loss and theft of personal data.

Symantec’s report tells us that 429 million personal records were lost or stolen last year, a jump of almost a quarter on 2014. However, this is just the tip of the iceberg: the negative publicity that companies get following a data breach (think Ashley Madison and TalkTalk) has resulted in 85% of businesses failing to report the number of records lost during a breach. With this taken into account, Symantec reckons there were well over half a billion data records lost.

The implications for businesses are clear; you need to put in ever more robust security measures to protect your data: better policies, access controls, two-step authentication, stronger passwords, data encryption and intrusion prevention.

Major security weaknesses in 75% of websites

The failure of webmasters to thoroughly patch security weaknesses means that three-quarters of legitimate websites leave businesses and their customers vulnerable to attack or infection. In 2015, according to Symantec, over a million people’s computers and devices were attacked – every day!

They go on to add that 15% of websites have critical vulnerabilities where security is so poor that cybercriminals can gain control easily, with little effort, and exploit the site for their own purposes. In the words of Symantec itself, “It’s time for website administrators to step up and address the risks more aggressively.”

55% increase in spear phishing targeting employees

Spear phishing is a well-established form of email scam where people receive emails purporting to be from people they know or organisations they have dealings with. These emails often contain credible information which misleads the receiver into believing they are genuine; because of this, they unwittingly give away information the hacker needs to commit cybercrime.

Last year saw a 55% increase in the use of spear phishing attacks, and 43% of these were aimed at small businesses. One of the important conclusions from Symantec’s findings is the need for businesses to have robust policies and regular staff training on phishing – the reason being that when an employee at a company succumbed to a phishing attack, the usual result was an increase in the number of attacks on that company. Larger companies were more at risk of repeated attacks, and these resulted in an average of 3.6 people per business falling for the scam and giving away important information.

Surprisingly, Symantec discovered that spear phishing was not just used by your archetypal cybercriminal, but was also employed by unscrupulous competitors undertaking industrial espionage and by foreign countries in state-sponsored hacks.

Ransomware increased 35% and spread to new territories

Ransomware is an easy way for hackers to make big profits. If you unwittingly install it on your computer, the computer is locked until you pay the ransom – and the longer you take to pay, the more you will be charged. It has proved so effective that incidents have increased by 35% over the last year.

However, that is not the end of its development. For the first time, the old-style screen-lock version of ransomware has been overtaken by the more pervasive encryption lock, which is much more difficult to recover from without paying the ransom. In addition, its success on PCs has led to programmers making versions which now work on Mac, Linux and smartphones. Symantec has also proved it can be used on smartwatches, and if this is possible, then the potential for it to be used to ransom any Internet of Things device is certainly something that will trouble IoT developers in the future.

For businesses and other organisations the cost of ransomware can be very high. One hospital in California recently had to pay $17,000 to regain access to its server. Indeed, having mission-critical apps down while you arrange payment could cost you more in lost business than the ransom itself.

Rise in fake technical support scams

Lots of people have experienced those phone calls where someone rings up telling you, “I’m from the technical department, there’s a problem with your computer.” Whilst the vast majority of people know to put the phone down, these scams are on the increase. These days, the main way these scams operate is by using a popup on the computer screen to tell you that there is an urgent problem, and then giving you a free phone number where you can get help. Of course, what they really want is personal data and login information. Symantec blocked over 100 million of these popup attacks last year, so when you take the other antivirus software providers into account, the number of attacks taking place must be huge.

Again, the message to businesses is to make sure that you have antivirus and web-protection software installed to block the popups, and that your employees are well trained in what to do if these kinds of scams appear on their computers.

Conclusion

Once again, Symantec’s annual report shows how cybercriminals are increasing the numbers of attacks against businesses, stealing growing amounts of personal data and finding new and more sophisticated ways to exploit vulnerabilities in systems, software and people’s behaviour. If an attack against your business is successful, the consequences can be dire: financial loss, reputational damage, lawsuits and more.

To protect your company, make sure security is at the heart of your operations and that your web host provides you with the most up-to-date security solutions.

eUKhost provides a wide range of effective security measures to protect our clients, including SSL, website backup, SpamExperts email protection, site monitoring and intrusion protection, Mtvscan vulnerability scanning, 24×7 support staff and Fortigate firewalls.

If you are concerned about your organisation’s website security or want to know how eUKhost can protect your organisation, get in touch on 0800 862 0380.

Translated from: https://www.eukhost.com/blog/webhosting/ominous-2016-web-security-stats-show-need-for-vigilance/
