National Cyber Security Awareness Month (NCSAM) is a month-long initiative to raise awareness on how organizations and consumers can get involved to keep our online lives safe and secure. This year’s NCSAM theme is “Our Shared Responsibility."

As a leader in global cyber security, Symantec is committed to promoting cyber security awareness not only in the month of October, but year round. Be sure to attend next week’s webinar:

Date: Wednesday, October 5, 2016
Title: Cyber Readiness: Going Beyond “Awareness” and Building a Culture of Security
Time: 10 am PT
Speaker: Kelley Bray, Employee Trust and Customer One, Symantec
Register for the October 5 webinar here.

Topics include:

• How to keep your organization and yourself safe online
• Tips on how to continuously cultivate a security culture
• Going beyond basic security awareness training 

Building a strong culture of security is the key to ensuring that your users care enough about the security of your company to protect it. Every day, in every interaction, we want our Symantec users to do the right thing when it comes to security.

Don’t miss out!

Follow the conversation on social media using #CyberAware throughout October!

Time: 10:00 AM (PST) / 1:00 PM (EST)

Date: October 18, 2016

Anatomy of a Ransomware Attack

Did you know that just opening a compromised web page could allow dangerous code to install on a PC or smartphone? You don’t have to click “accept” for a download or software update to install malware on your machines and trigger an infection and the consequences can be enormous.

Why you need to build 24 X 7 threat monitoring into your environment

Ransomware is an extremely profitable type of attack. It only takes one network-connected device to expand a malware infection and hold an entire organization hostage for profit. Last year, the use of encryption as a weapon to hold companies’ and individuals’ critical data hostage grew by 35 percent.

• Learn from our cyber security experts about what can happen in a ransomware attack, based on real-life events.
• Understand how the malware entered the IT infrastructure of two different companies, and find out how long it stayed and the impact to these businesses.
• Learn more about how attacks are identified and remediated, as well as some best practices for handling ransomware attacks, should one occur in your company.  

Improve your line of defense against ransomware and minimize the loss of key data, money and intellectual property from your organization.

Register Here http://bit.ly/SymantecWebinar1018blog

Symantec’s Volunteer of the Quarter initiative highlights and rewards those employees who dedicate their time and talents to those in need. We have a long and proud history of encouraging our employees to volunteer. While the driving force of our efforts is largely altruistic, there is even more to volunteering than giving back to our communities. Volunteering makes our company a better place to work, so employees are helping both Symantec and the organizations they volunteer for.

Today we highlight our Volunteer of the Quarter Vishakha Adkar, Associate Sales Operations Specialist in the Pune, India office for her contributions to community organizations in the Pune region.

At Symantec I work in the Shared Resource Centre (SRC), part of the Global Sales Operations organization in Enterprise Sales and execute a number of processes aimed at supporting the Symantec sales teams. Within the SRC, I wear many hats – primarily working on Symantec Partner Enrollment and also assisting on administrative and employee engagement activities on behalf of the leadership team.

Symantec’s Volunteer of the Quarter, Vishakha Adkar, Associate Sales Operations Specialist, is honored for her volunteer work in the Pune, India region.

As an extension of my role in the SRC, I wear another hat – community volunteer.

With a passion for working with NGOs, I was quickly drawn to the many opportunities to give back at Symantec. In 2010, I began volunteering and since this time I have dedicated four to five hours per month with Pune nonprofit partner Seva-Sahayog.

Translating to community service (Seva stands for “service” and Sahayog stands for “community”), Seva-Sahayog engages companies, and passionate groups and individuals to support the development of the Pune region in key areas such as education (ensuring children have access to education and school supplies), economic empowerment (helping females in Pune slums become financially independent), health and wellness (providing women and children access to health and wellness resources), and the environment (preserving and restoring the local environment).

Over the years, I have worked on a variety of Seva-Sahayog projects including Tech for Seva (an integrated networking platform highlighting opportunities for prospective community development partnerships), developing school kits for orphanage kids, Library Book Management (which includes stamping and covering the books and giving numbers), clothing donation drives and community tree planting.

While each project has been unique, sparking my interest and commitment in continuing my volunteer service, there is one in particular memory that stands out. As part of Seva-Sahayog, a team of Symantec volunteers conducted a drawing competition for the children of the laborers who work in EON IT Park Pune. We were amazed to see the children’s creativity when given the freedom to draw whatever they pleased and their joy upon seeing the colorful crayons was unforgettable.

As part of Symantec’s partnership with Seva-Sahayog, a team of Symantec volunteers conducted a drawing competition for the children of the laborers who work in EON IT Park Pune.

You see, giving back isn’t just about giving. There is a lot that you receive as well. Throughout this work, I have developed my communications and project management skills, I have networked with employees I would not have met otherwise, and most importantly, it has given me a new outlook on my life and my community.  

In conclusion, I would say that everybody spends lot of time working hard from the seat of their desks. This is what we need to excel as individuals and as a company. However, why not also think about taking an hour or two to volunteer for a cause that is important to Symantec, to your family, to your community or to yourself. Any contribution of time or money, no matter how small or large makes a difference.

I couldn’t be happier that I chose to volunteer. The smiles, the expressions of joy, the excitement, the thank you’s, the special moments, will all have a lasting impact on me. They are something I can always look at to say I made a difference inside and outside my company.

As Mahatma Gandhi is famous for saying "The best way to find yourself is to lose yourself in the service of others".

Symantec volunteers prepare library books to support Pune nonprofit Seva-Sahayog.

Blog Feature Image: 

thumbprint.jpg

We are at an inflection point. The Internet is transitioning from controlling information to controlling physical things, which has profound implications for both the global economy and the future of insurance. In this post, I will provide 7 predictions for how the Internet of Things (IoT) will change the insurance industry, although ultimately these predictions only scratch the surface as there are few lines of insurance that won’t be impacted by cyber risk in next 5-10 years.

Background on Internet of Things (IoT)

It is estimated that there will be up to 200 billion everyday objects connected to the Internet by 2020. Applications for the Internet of Things (IoT) are as diverse as consumer devices, manufacturing sensors, health monitoring, connected vehicles, office automation, and all the way to fully ‘smart cities’. The emergence of IoT technologies is a tremendous development that spans all aspects of human existence and could unlock up to $11 trillion per year in value to the global economy by 2025, according to the McKinsey Global Institute.

What these numbers don’t show, however, is the tremendous physical and financial risks associated with the emergence of having everyday objects connected to the Internet. According to the 2016 Symantec Internet Security Threat Report (ISTR), hundreds of millions of Internet-connected TVs are vulnerable to click fraud, botnets, data theft, and even ransomware and these numbers are growing rapidly. Cyber attacks on internet-connected devices create systemic risks and the potential for hundreds of billions of dollars in losses. When physical devices can be hacked (and potentially hacked en masse) the potential for major business interruption, physical damage and even loss of life becomes very real.

This isn’t to say we should not pursue IoT technologies. In fact in many ways, IoT will make society safer, as well as more efficient and convenient. Every year 1.2MM people die in automobile accidents and ~90% of those accidents attributable to driver error, which will decline as more internet-connected vehicles incorporate advanced safety features. However, as Internet-connected devices become pervasive in all aspects of our lives, the nature of risks facing consumers and businesses will be fundamentally different.

While the future is uncertain, especially as it pertains to technology, here are 7 predictions on how IoT could impact insurers.

1. Continued Growth of Affirmative Cyber Insurance Policies:
   According to Lloyd's of London, cyber attacks cost businesses $400 billion in losses per year and by some estimates, cyber crime costs the global economy trillions of dollars per year. The current cyber insurance market, which is focused on data protection, is around $2.7 billion globally. The market has doubled over the past 24-36 months and growth shows no signs of abating. Growth of affirmative cyber insurance data and liability policies, that primarily cover costs associated with data breaches, is just a tip of the ‘IoT iceberg’ as cyber becomes an even more important insurable risk.
    
2. Some Core Insurance Lines Will Decline: IoT will change the nature of the risks that consumers and businesses face. For example, according to AT Kearney, features such as Advanced Driver Assisted Systems (ADAS), semi-autonomous vehicles and tracking of stolen vehicles will be deployed in half of the cars on the road by 2025. By some estimates, the global auto insurance market will shrink by 60% or more, where there is a reduction in driver error and a resulting decline in the insurance needed for this risk. As key insurable losses become preventable by IoT, core insurance lines will decline.
    
3. IoT Aggregation Risk Starts Pervading A Diverse Set of Insurance Lines: IoT can turn large-scale hacks into global cyber catastrophes. Already, there have been successful hacks on industrial control systems that have led to major physical damage in heavy industries. Fortunately, these incidents have been isolated to ‘one-off’ occurrences however with key industrial control systems, logistics tracking systems and building automation systems crossing tens of thousands of businesses, the potential for major cross-cutting cyber events is increasing. IoT aggregation risk occurs in insurance lines where it wasn’t previously observed, accounted for or priced into the cost of an insurance policy.
    
4. Cyber Peril Exclusions Grow in Commercial Policies: In the years to come, we will see highly public ‘forcing events’ related to cyber attacks on IoT devices. Unfortunately, it is not a matter of if but when we see major IoT cyber hacks. When these events happen, insurers will likely respond by writing in more explicit exclusions for cyber perils in insurance lines such as product liability, property, E&O and other policies. In many cases insurers are focused on the aggregation risks that exist within their affirmative cyber data and liability policies, when the reality is there is tremendous silent coverage in the rest of an insurer’s portfolio today.
    
5. ‘Cyber Gap’ Insurance Policies Emerge: There will be an expanding list of critical cyber perils that won’t be covered under a standard insurance policy. Specialty cyber insurance policies and endorsements will surface to fill in the need for IoT cyber risk coverage. McKinsey estimates that up to $3.7 trillion in value could be unlocked in factories alone from IoT. Too much value is at stake for clients not to seek coverage from insurers and the market demand is too large for insurers not to provide this cover, although it will take deep cyber expertise to understand these novel risks.  
    
6. New Cyber Risk Capital Market Offerings Emerge: Currently the global insurance market has $4-5B in capacity for nuclear risks and $100B for natural catastrophes. Fixing the ‘Y2K bug’ alone is estimated to have cost $100B and the costs associated with remediating IoT security deficiencies could be very high, particularly when IoT componentry does not always have a means for remote firmware updates. Given cyber events represent hundreds of billions of dollars (or more) of potential liability, which have low correlation with other events, there is a role for capital markets providers to step in to help transfer risk. Given initial explorations already happening today, London could emerge as a major market for insurance linked securities tied back to cyber risk.
    
7. Insurers Will Help Drive IoT Security: Consumers aren’t necessarily buying technology products with IoT risk in mind; regulators are struggling to keep up; and in a race to get new products to market, technology companies are often launching new products, often without adequate cyber security in mind. Symantec’s research has shown 19% mobile apps used to control IoT devices don’t use SSL connections to the cloud and over 50% didn’t provide a mechanism for firmware updates, or if they did those updates were not encrypted. Given insurers are taking on the financial risk associated with IoT going wrong, insurers have an important role to play in making sure that the basics are done right for the risks they underwrite.

The emergence of IoT is a tremendous technological development that will create wide-ranging benefits for governments, businesses and consumers. However, it will also propel cyber risk into the limelight as the most important risk of the 21st Century.

As an industry that transfers and mutualizes risk, the implications for insurers are far reaching and there will be both winners and losers. Those that win will have a deep understanding of the evolving nature of cyber risk, leveraging cyber data, intelligence and expertise. Companies like Symantec will have an important role to play in helping to understand evolving threats, which is why we have set up a dedicated Cyber Insurance Group to support our insurer partners.  

It is hard to predict the future of technology and the risks that new technology will create with any degree of certainty. What is certain is that where there is risk, there is an opportunity for insurers to provide risk transfer solutions through insurance products. Just as there is innovation in technology, there will be innovation in insurance as both industries come together to unlock the potential of the Internet of Things.

Looking for more insights? Be sure to read What Every CISO Needs to Know about Cyber Insurance.

Pascal Millaire is Vice President at Symantec Corporation and the General Manager of the company’s Cyber Insurance Group.  

Webinar: Phishing Readiness: Is Your Team Ready?

Time: 10:00 AM (PST) / 1:00 PM (EST)

Date: November 15, 2016

Speaker: James Griffin, Product Manager, Cyber Security Services

Overview:

Phishing continues to be one of the most prevalent and effective threats to organizations.  Combating hackers that are determined to compromise your users requires a unique blend of tools, strategy and training.

Join our webinar to learn about:

•How to train your users to recognize these attacks more effectively and reduce your organization’s risk 

•Using Phishing Readiness to simulate attacks such as Point and Click, Attachments and Data exposure at a level which would impact the employees directly

•See how to measure the effectiveness of your Phishing Readiness campaigns and show the changes in user behavior

Register Now to ensure you have the right Techniques, Tools and Procedures in place to deliver an effective Security Awareness Program.

Our responsibility to fair, ethical and inclusive business is a global responsibility, however, delivering on this must happen on the ground, in many regions across the globe. This would not be possible without the passion and initiative of individual employees in each and every office.   

From advocating for women’s rights through the #ilooklikeanengineer viral campaign to a game changer in India, following we provide a round-up of recent recognitions highlighting Symantec employees making a difference for our industry, our employees and our communities worldwide.

Do you look like an engineer?

San Francisco’s primary newspaper The San Francisco Chronicle featured Symantec employee Geena Rollins in the August 25th article “#ILookLikeAnEngineer movement lasts after billboards come down”. The article reviews the viral campaign breaking down gender stereotypes of female engineers after controversial comments regarding an advertising campaign that featured a female engineer.

Geena was highlighted as part of this campaign, one of many female engineers featured on billboards across the San Francisco Bay Area showing engineers of diverse backgrounds. The article also highlights her work to continue the movement at Symantec by raising awareness about gender diversity and encouraging young women interested in STEM to pursue their passions.

[Geena Rollins, a senior principal software engineer at Symantec in Mountain View, didn’t want the movement to die when the events were over and the billboards, where she and other engineers were featured, came down. She decided to do what she could to make small changes at her own company and others. Rollins wears a pin with the hashtag on it as a reminder. She mentors young women and reaches out to managers to report discrimination when she sees it. She’s inspired events focused on women in tech, and pushed for reform and bias training.

But Rollins wishes she could do more to breathe life back into #ILookLikeAnEngineer.

“Companies need to step up and say we can’t lose this,” she said. “It really is helping people. It gave me the inspiration to overcome my fear when confronting discrimination — how could I be on this (billboard) and not speak up when these issues come up right in front of me?”]

India’s Game Changer

Symantec employee C Moulee was featured in India Today’s article – The Game Changers - on people inspiring change in the city of Chennai in India.

The article is about people who are transforming the city of Chennai and inspiring thought and hard work. It highlights C Moulee’s many accomplishments in his community and at Symantec to advocate for LGBT rights.

C Moulee created the first ERG at Symantec in Asia-Pacific, which has reached 12 members across Chennai and Pune, including some that don’t identify as LGBT. Additionally, as he writes about in a recent Medium article, he was part of Symantec’s collaboration with Sahodaran – one of Chennai’s first LGBTQ advocates - to develop an LGBTQ awareness event for college students and youth. And he has been part of the India PRIDE group’s efforts to start an LGBTQ employee awareness program.

“Despite the progress we’ve made, the feeling of inclusion takes time and is hard work. My aim is to bring about more awareness about LGBT people among our employees. I think ignorance is one of the reasons why queer individuals are ignored and harassed. To make my workplace more sensitive towards queer issues and people; this is at the top of my mind.”

You can follow many more stories of Symantec employees making a difference here on our Corporate Responsibility blog, through our #iamtech Medium publication, as well as by following us on Twitter, Facebook, and LinkedIn. 

Blog Feature Image: 

17B02328_2016_NCSAM_Social_Post.png

October is often associated as the harbinger of Fall, cooling weather, the changing color of leaves, baseball’s World Series, and a “Trick or Treat”-filled Halloween. Unfortunately, with the growing number of global cyber attacks this year, October might see more “tricks” than treats.

Whether dropping malicious malware on your server, stealing your sensitive data, or holding your data hostage for ransom, cyber attackers are a very real threat. Bordering on the scary and creepy, there’s even a new Voldemort ransomware that’s rearing its ugly head this season. And those nifty Internet of Things (IoT) devices may make life more convenient―but more and more IoT devices are growing infested with stealthy malware.

Fortunately, you can take measures to raise your level of cyber awareness and stay on guard.

October is National Cyber Security Awareness Month (NCSAM), a month-long initiative to help organizations and consumers keep their online lives safe and secure at work and at home. Below are eight key tips for raising cyber awareness.

Top Eight Tips for Cyber Awareness

1. Make good security personal: Extend protection beyond your office walls; good security behavior benefits your employees at home as much as it protects your corporate environment. 

2.Baseline your security regularly: Understand your state of vigilance so that you can interpret the symptoms that lead to a security incident.

3.Get executive and board engagement: The human element of cyber risk is likely to be higher outside your IT department than within it. With early executive leadership buy-in, you can make your security culture all-inclusive.

4.Develop a cyber awareness plan: Security incidents happen every day. How do you identify the important incidents and ensure the business remains effective and up-and-running under all circumstances?

5.Promote security education company-wide: From the board to new hires, it’s essential everyone understands they’re responsible and accountable. They need to know what part they play in the bigger picture.

6. Plan for today and scale for the future: Stop applying quick fixes to security issues, unless they are aligned to a longer-term strategy.

7.  Be accountable: Understand what the regulatory, legislative, and peer-to-peer controls are that you need to adhere to. Make sure you have a clearly defined owner for each of these and an executive sponsor.

8. Don’t wait for it to happen: Test your processes, procedures, and people regularly. Make sure you have clearly defined lifecycles that reflect changes in business strategy, technology use, and culture. Make sure your strategy is current and effective for the business and the risks.

For more than 30 years, Symantec has made the online world safer, giving customers peace of mind and making the world around us a better place. Our primary goal as a leader in the cyber security industry is to give people the information and tools they need to defend themselves against professional cyber attacks―and to help them be safe and successful all year round.

Be sure to download the Symantec Internet Security Threat Report, Vol. 21 (ISTR) for more actionable insights on the global threat landscape. 

Blog Feature Image: 

LA-SPOTLIGHT[800x332].jpg

Heading to Symantec Spotlight LA “Defining the Future of Cyber Security” next week?

We’re excited to announce that Marc Goodman—one of the world’s leading authorities on global security and author of the New York Times best seller “Future Crimes: Inside the Digital Underground and the Battle for our Connected World”―will be the guest speaker.

Goodman will join Symantec CEO Greg Clark and Symantec SVP and CIO Sheila Jordan, who will keynote along with 2016 Rio Olympics Technology Director Elly Resende.

Symantec Spotlight provides a unique opportunity to join the world’s cyber security leaders in addressing real-world security challenges and is the gathering place of the next generation of security leaders. Initially kicking off in the United States and United Kingdom, attendees will find new ways to approach the future of cyber security and business transformation through thought-provoking keynotes, interactive sessions, and hands-on experience alongside industry leaders.

Symantec CEO Greg Clark and Symantec SVP and CIO Sheila Jordan will share their insights on how Symantec is defining the future of cyber security. Elly Resende will also be presenting a keynote at the LA event. Marc Goodman will share his vision of cyber crime in the future. Together, these speakers will arm you with the information you need to securely drive digital transformation in your business. This is a truly unique experience to help you address real-world security problems.

If you haven’t registered for Spotlight LA, there’s still space available, so be sure to sign up today!

Spotlight Los Angeles | Defining the Future of Cyber Security

October 13, 2016

Westin Bonaventure, Los Angeles, CA

Cost: Free

Register for the Spotlight | Los Angeles here.

What are you waiting for? Register now before it’s too late!