From September 15th – October 15th the United States celebrates National Hispanic Heritage Month, celebrating the numerous contributions that generations of Hispanic Americans have made to the country. To some this month may pass by without notice, but to many of us, including myself, it is a time to celebrate our unique culture, our traditions. Additionally, it’s a time to reflect on the challenges we’ve faced as an ethnic community and the fantastic opportunities we face today. 

The Hispanic population in the United States has reached 57 million, making Hispanics the second largest population in the nation and the nation’s largest ethnic group[1]. However, when we look at the technology workforce it tells a very different story.

Hispanics comprise 15% of the US workforce, however, only 7% of technology jobs. Additionally, only 8% of computer science and engineering graduates are Hispanic (vs 57% white), and only 12% of Hispanic computer science and engineering graduates even go into technology jobs (vs 40% of Asian graduates)[2]. Hispanics are considered some of the savviest and most frequent technology users in the US, so where is the gap coming from?

When I began my career in tech at Intel Corporation, the story was the same. I was the only Hispanic female working in the finance organization with a graduate business degree, surprised at the severity of our under representation. However, what surprised me even more was what the company was doing to reverse this trend.  Located in a community with a high percentage of Hispanics, Intel was vocal about their commitment to have a diverse workforce that was representative of the headquarter community. I knew it was my time to advise the company’s Latino employee resource group (ERG) that was central in helping the company recruit and retain Hispanic employees.  

The experience was career and life-changing in many ways– I met colleagues that shared the same interests.  I learned how to motivate others, gain visibility and develop leadership skills that were vital to my career growth, during my 13 years at the company. 

Even more so, I felt a part of the solution– My hours spent mentoring youth, and attending recruitment events, was creating a pipeline of diverse talent for the company, and ensuring that stand out Hispanic employees had the chance to demonstrate their unique value.

An authentic commitment to inclusivity is tangible.

Symantec’s commitment to equality and inclusivity is something that has impressed me from the moment I walked through the door. I quickly joined the Symantec Women’s Action Network (SWAN) and was amazed at the authentic investment in supporting females. From events, to articles, to professional development opportunities, the company’s intention to change the status quo was so clear. 

Although, I am still very new to the company, I expressed my interest in joining the HOLA ERG and on Thursday, 9/29 we held our first event in honor of National Hispanic Heritage Month. The momentum for HOLA is still growing at Symantec, but I look forward to leading the charge and bringing my experience from my time at Intel.   

Rose Mendoza is Symantec's Marketing Programs Manager, Website Security 

Blog Feature Image: 

ThinkstockPhotos-511473492.jpg

 “Symantec is the global leader in cyber security. What we do, at Symantec, is not just a job—it’s a calling, demonstrated by our mission to keep the world’s information safe and reflecting our fundamental commitment to make the world a better place.” – CEO Greg Clark

Symantec currently protects over a billion Internet of Things (IoT) devices and is monitoring Internet threat activity in more than 157 countries and territories. Additionally, the digital revolution is upon us, and by 2020 Gartner estimates there will be 21 billion connected devices worldwide.

More of our lives and our personal information is stored online than ever before. Furthermore, the lure of this data has prompted an unprecedented surge in cybercrime activity. As the global leader in next-generation cyber security, our responsibility to protect is crucial to the vitality of businesses in every industry, to governments in every country, to people in every city.

From Our People to Your Information to Our World, Symantec launched our FY16 Corporate Responsibility Report demonstrating how – through our promise to protect the world’s information – we are creating opportunities and opening doors both within and outside our company, staying true to our commitment to make our world a better place.

Read the full report.

Symantec is making a $100,000 USD donation to one of three nonprofit organizations! Just provide feedback through our FY16 Corporate Responsibility Report Survey and you can vote for where it goes!

“Diversity is clearly part of Symantec’s culture. It’s one of the company’s core values, and we focus on diversity in all aspects of the company—it helps us to think differently and to aggressively innovate.” - Sheila Jordan, Chief Information Officer

Our ability to protect starts with a winning culture.

From top to bottom, Symantec is committed to creating a culture of winning, a workplace where leaders are positioned for success, where our unique perspectives are valued, where diverse backgrounds and ideas drive constant innovation, and where we unite yet challenge each other to drive impact for our business and society.

Our commitment to diversity and inclusion is rooted in the belief that our global workforce – both Symantec’s and our industry’s – should represent the diversity of our world.  Through our multi-pronged approach, we are creating a workforce that embraces every culture, language, age, sexual orientation, disability, background, and experience, as well as gives a voice to these differences:

• Our five Employee Resource Groups (ERGs) serve as ambassadors to the broader community. Through the advocacy of our Pride ERG, we now provide inclusive bathrooms at our headquarters and other main sites, and have published transgender inclusion guidelines to assist any employee transitioning during their Symantec tenure.
• In FY16, Symantec partnered with the Human Rights Campaign to advocate for marriage equality, denounce the Bathroom Bill and support the Equality Act in the United States.
• For the eighth consecutive year, Symantec scored a perfect 100 on theHRC (Human Rights Campaign) Corporate Equality Index.
• At the end of FY16, 72 percent of Symantec Cyber Career Connection (SC3) graduates were people of color and 24 percent were female.

Additionally, through our talent programs we are setting employees and leaders up for success by teaching them techniques to conduct difficult but necessary conversations, as well as how to influence others and communicate effectively, how to advance their roles as leaders of innovation, and through our Leadership Blueprint we make every employee feel like they are a valued member of a winning team on an inspiring mission.

When threats are shut down, doors open.

Our responsibility to protect information extends from fighting cybercrime to online safety education to addressing the growing cyber security workforce gap:

• In FY16, Symantec awarded 26 grants totaling $2,585,900 to fight cybercrime and support online safety.
• We engage in public policy debates worldwide and send our experts to testify in front of lawmakers and regulators.
• Launched in 2014, our Symantec Cyber Career Connection (SC3) program continues to inspire, train and provide vital professional support to disadvantaged populations providing an accessible pathway to long-term cyber security careers. 

Symantec’s Cyber Career connection (SC3) program addresses four key challenges across the workforce pipeline.

“We want to be the example for our industry, to also be a leader in corporate responsibility, a champion for diversity and inclusion, and a protector of the environment. We know that the work we do matters and we will continue to raise the bar.” – CEO Greg Clark

A resilient world is a prerequisite for a successful business.

Every day it becomes clearer that our ability to protect the future depends directly on recognizing the limits of our planetary resources. Through a sharp focus on environmental performance we are making our buildings and operations more efficient, advocating for clean energy, and working closely with suppliers to minimize impacts in our supply chain:

• We joined the Obama Administration and 140 other companies in the American Business Act on Climate Pledge to publicly play our part in promoting a low-carbon future. As a result, Symantec set a new goal in FY16 to reduce GHG emissions by 30 percent by 2025 (compared with FY15). As of FY16 end, we have already achieved a five percent reduction against our baseline.
• We have been listed annually on the Dow Jones Sustainability Index since 2007, and on the CDP Climate Disclosure Leadership Index since 2013.
• Approximately 43 percent of products are Energy Star certified, and nearly 29 percent of products are in the process of being Energy Star certified.
• This year, Symantec became a full member of theEICC (Electronic Industry Citizenship Coalition). Approximately 47 percent of suppliers have environmental and corporate responsibility requirements in their contracts and all of these have completed EICC self-assessments enabling us to assess their risk level.
• We continue to examine our suppliers on conflict minerals and aim to validate all products manufactured for Symantec as “conflict free” across all four minerals (tantalum, tin, tungsten and gold) by 2017.

Additionally, through our targeted philanthropy program we invest our time, technology and know-how in the areas we can impact the most - STEM, diversity, online safety, and environmental responsibility:

• Through our Take5! global volunteering campaign, we logged 28,782 hours of employee volunteer time, equating to 2.5 hours for each of the 11,430 employees with whom we ended the year.
• Through our Software Donation program together with TechSoup, we donated $20.8 million of software (retail value) to 22,796 nonprofits in FY16.
• Through partners such as the World Association of Girl Guides and Girls Scouts (WAGGGS), the Boys & Girls Club, Teach for America and others we engage and inspire young females to let go of stereotypes, realize the opportunities in STEM and pursue their passions. 

We invite you to read our full FY16 Corporate Responsibility Report online. 

Blog Feature Image: 

RansomwareGraphic-1.png

A nightmare scenario occurs: your computer system locks up, files are suddenly encrypted and inaccessible, and a menacing message demands a ransom payment to restore it. Ransomware has struck—and you’re the target.

According to Symantec’s ISTR Special Report: Ransomware and Business 2016, the past 12 months have seen ransomware reach a new level of maturation as cybercriminals target consumers and businesses. The report found new ransomware families discovered annually reached an all-time high of 100 in 2015; the average ransom demanded by attackers has jumped to $679.

And it’s not just consumers targeted by ransomware attackers; organizations need to be fully aware of the threat posted by ransomware.

“Organizations should certainly be concerned about ransomware. The most widely distributed forms of ransomware are spread through major spam campaigns which are completely indiscriminate, hitting both consumers and organizations,” said Dick O’Brien, co-author of the ISTR Special Report: Ransomware and Business 2016 and Senior Information Developer, Symantec. “Furthermore, a growing number of ransomware attack groups are specifically focusing on organizations with targeted attacks designed to infect multiple computers and cripple the organization.”

The rise of crypto-ransomware

The ISTR special report found the shift towards crypto-ransomware explained by the effectiveness of ransomware. The victim may remove the malware but the files will still be inaccessible due to unbreakable encryption. If no files are backed up, the victim must pay the ransom as the only way to recover the files. The report found that this crypto-ransomware model has been perfected over the past two years and is now one of the rising types ransomware.

“Virtually all of the new ransomware families emerging at present are crypto-ransomware. This trend isn’t surprising, since crypto-ransomware is the most dangerous form of ransomware. It’s capable of locking the victim’s files with unbreakable encryption. Unless they have backup copies, the only way to retrieve them would be through paying the ransom. It took a while for ransomware groups to perfect crypto-ransomware, but now that most have mastered effective encryption, it’s become ubiquitous,” explained O’Brien.

Which organizations are likely to be infected?

While almost all sectors have been hit by ransomware, some types of organizations appear to be harder hit than others. The report found that the Services sectors, with 38 percent of infected computers, was the most affected sector by ransomware between January 2015 and April 2016. Manufacturing, Finance, Insurance, Real Estate, and Publication Administration followed as top targeted sectors.

While it’s unclear why some sectors are more affected than others, one potential explanation is that organizations with high levels of integration and different internet services tend to have higher exposure to infection risks.

Ways ransomware can infect a computer

Malicious spam email is one of the most common methods to spread ransomware and malware in general. Botnets, or networks of compromised computers, distribute a large number of spam emails that use social-engineering tactics to trick victims. Ways to compromise computers and invite infection include opening malicious attachments or clicking on a link that points to an exploit kit.

Exploit-kit attackers comprise third-party web servers and inject iframes into web pages hosted on them. Malicious links in spam email or social media posts and malvertisments are other tactics criminals use.

Mobile ransomware leads the way as a top malware type in 2015, according to the Symantec/Blue Coat 2015 State of Mobile Malware report. With the increased performance capabilities of modern smartphones, it was only a matter of time before more advanced cryptographic ransomware, such as SimpleLocker, started showing up on mobile devices. These threats render music files, photographs, videos, and other document types unreadable—while typically demanding an untraceable form of payment such as Bitcoin—and employing a strict time limit for payment before the files become permanently inaccessible to the owner.

Businesses: the next big target

The Symantec ISTR Special Report: Ransomware and Business 2016 found that cyber criminals are increasingly targeting the business space for higher profits. The report found the following trends in attack campaigns:

• Business email contain scams that try to trick C-level executives into making large wire transfer payments.
• Bug-poaching attacks involve attackers compromising corporate servers, stealing data, and requesting a fee for information on how the attack was carried out.
• The Carbank Gang targets banks directly rather than bank customers.

While some organizations are hit in indiscriminate campaigns, where employees open a malicious email or visit a malicious website, some enterprises are becoming victims of more targeted ransomware attacks.

For more detailed information, “Case Study: Anatomy of an Advanced Ransomware Attack” and “Case Study: Ransomware as a Decoy” are included within the ISTR Special Report: Ransomware and Business 2016. The two case studies not only provide narratives of the attack campaign, but share insights on lessons learned.

Protection against ransomware

Whatever you do, don’t pay the ransom. There's no guarantee your files will be released, and if you succumb to the scam, you may make yourself vulnerable to more scams.

“The most common method of ransomware distribution is spam email and everyone needs to exercise extreme caution. We would advise people to immediately delete any suspicious emails they receive, especially those containing links and/or attachments. They should also be very wary of Microsoft Office attachments that prompt users to enable macros. Attackers often use malicious macros to deliver malware through Office documents,” said O’Brien.

But there are strategic/tactical ways you can protect yourself and your organization from falling victim to ransomware. Symantec recommends the following five steps to prevent ransomware:

1. Back up your computers and servers regularly.
2. Lock down mapped network drives.
3. Deploy and enable all Symantec Endpoint Protection technologies.
4. Download the latest patches and plug-ins.
5. Use an email security product to handle email safely.

View the full Symantec ISTR Ransomware infographic.

“Adopting a multi-layered approach to security minimizes the chance of infection," said O’Brien. "Using an email security solution should remove the chance of you accidentally opening malicious email and malicious attachments in the first place. Symantec intrusion prevention system (IPS) technology can detect and block malicious traffic from exploit kit activity, preventing the installation of ransomware. Meanwhile Symantec Endpoint Protection technologies can detect and block known ransomware families, in addition to detecting suspicious behavior by new and previously unknown malicious files.”

Be sure to check out the following for more insights:

ISTR Special Report: Ransomware and Business 2016

“The Evolution of Ransomware” Symantec white paper 

Also, don't miss the upcoming October 18th Symantec webcast,"Anatomy of a Ransomware Attack". 

Blog Feature Image: 

Shankar_Frost_Award.jpg

Recently, I was lucky enough to be one of the honored recipients of the 2016 North America Frost & Sullivan Award for Embedded Security for Industrial Internet of Things (IIoT) Customer Value Leadership. Held at a banquet in Santa Clara, California, I was surrounded by elegance and excitement, the event brought together top executives to celebrate their achievements.                  

Each year, Frost & Sullivan presents this award to the company that has demonstrated excellence in implementing strategies that proactively create value for its customers with a focus on enhancing the return on the investment that customers make in its services or products. The award recognises the company's inordinate focus on enhancing the value that its customers receive, beyond simply good customer service, leading to improved customer retention and ultimately customer base expansion. We were praised for our IoT portfolio, our traction in the market and of course our strength as a security company and the scale at which we already operate in enterprise security.

This award is particularly significant because it comes from Frost & Sullivan, a firm that possesses deep relationships and insights into the Enterprise IoT world. The companies that were recognized at the event were not just security or software companies. I had the pleasure of meeting a wide range of individuals who are working on some exciting tools, from creating new connected medical devices or industrial sensors to companies that provide services that determine the location of these connected devices. 

This was a great event and I am honored to be part of Symantec and recognized by Frost & Sullivan. I believe that IoT is still in its infancy and we have a lot to do but events like this not only give us a chance to get together but also provide us with an opportunity to learn, collaborate and make a difference.  

For Linux environments that use Systemd, you may encounter issues with the ITMS Linux Agent on boot.
The reason for this is that ITMS installs '/etc/init.d/altiris' as the control script for the Agent.
This control script is not aware of Systemd dependency mechanisms.
In the event that the Local file system is not mounted, particularly '/opt', the 'altiris' service will fail to start.
This is because the default location of the install is '/opt' and there is no guarantee that this partition will be mounted before our service.

The following procedure will guarantee that the '/opt' partition is mounted.

1) Remove the symbolic link '/etc/init.d/altiris'. This prevents Systemd from generating a unit.
2) Create the file '/etc/systemd/system/altiris.service' with the following contents:

[Unit]
 Description=ITMS Agent
 After=local-fs.target

[Service]
 ExecStart=/opt/altiris/notification/nsagent/etc/rc.d/altiris start
 ExecStop=/opt/altiris/notification/nsagent/etc/rc.d/altiris stop

[Install]
 WantedBy=multi-user.target

3) Run the command: systemctl enable altiris
4) Run the command: systemctl start altiris
5) Run the command: systemctl status altiris
 

Webinar: Phishing Readiness: Is Your Team Ready?

Time: 10:00 AM (PST) / 1:00 PM (EST)

Date: November 15, 2016

Speaker: James Griffin, Product Manager, Cyber Security Services

Overview:

Phishing continues to be one of the most prevalent and effective threats to organizations.  Combating hackers that are determined to compromise your users requires a unique blend of tools, strategy and training.

Join our webinar to learn about:

•How to train your users to recognize these attacks more effectively and reduce your organization’s risk 

•Using Phishing Readiness to simulate attacks such as Point and Click, Attachments and Data exposure at a level which would impact the employees directly

•See how to measure the effectiveness of your Phishing Readiness campaigns and show the changes in user behavior

Register Now to ensure you have the right Techniques, Tools and Procedures in place to deliver an effective Security Awareness Program.

Blog Feature Image: 

ThinkstockPhotos-467517220.jpg

Our responsibility to fair, ethical and inclusive business is a global responsibility, however, delivering on this must happen on the ground, in many regions across the globe. This would not be possible without the passion and initiative of individual employees in each and every office.   

From advocating for women’s rights through the #ilooklikeanengineer viral campaign to a game changer in India, following we provide a round-up of recent recognitions highlighting Symantec employees making a difference for our industry, our employees and our communities worldwide.

Do you look like an engineer?

San Francisco’s primary newspaper The San Francisco Chronicle featured Symantec employee Geena Rollins in the August 25th article “#ILookLikeAnEngineer movement lasts after billboards come down”. The article reviews the viral campaign breaking down gender stereotypes of female engineers after controversial comments regarding an advertising campaign that featured a female engineer.

Geena was highlighted as part of this campaign, one of many female engineers featured on billboards across the San Francisco Bay Area showing engineers of diverse backgrounds. The article also highlights her work to continue the movement at Symantec by raising awareness about gender diversity and encouraging young women interested in STEM to pursue their passions.

[Geena Rollins, a senior principal software engineer at Symantec in Mountain View, didn’t want the movement to die when the events were over and the billboards, where she and other engineers were featured, came down. She decided to do what she could to make small changes at her own company and others. Rollins wears a pin with the hashtag on it as a reminder. She mentors young women and reaches out to managers to report discrimination when she sees it. She’s inspired events focused on women in tech, and pushed for reform and bias training.

But Rollins wishes she could do more to breathe life back into #ILookLikeAnEngineer.

“Companies need to step up and say we can’t lose this,” she said. “It really is helping people. It gave me the inspiration to overcome my fear when confronting discrimination — how could I be on this (billboard) and not speak up when these issues come up right in front of me?”]

India’s Game Changer

Symantec employee C Moulee was featured in India Today’s article – The Game Changers - on people inspiring change in the city of Chennai in India.

The article is about people who are transforming the city of Chennai and inspiring thought and hard work. It highlights C Moulee’s many accomplishments in his community and at Symantec to advocate for LGBT rights.

C Moulee created the first ERG at Symantec in Asia-Pacific, which has reached 12 members across Chennai and Pune, including some that don’t identify as LGBT. Additionally, as he writes about in a recent Medium article, he was part of Symantec’s collaboration with Sahodaran – one of Chennai’s first LGBTQ advocates - to develop an LGBTQ awareness event for college students and youth. And he has been part of the India PRIDE group’s efforts to start an LGBTQ employee awareness program.

“Despite the progress we’ve made, the feeling of inclusion takes time and is hard work. My aim is to bring about more awareness about LGBT people among our employees. I think ignorance is one of the reasons why queer individuals are ignored and harassed. To make my workplace more sensitive towards queer issues and people; this is at the top of my mind.”

You can follow many more stories of Symantec employees making a difference here on our Corporate Responsibility blog, through our #iamtech Medium publication, as well as by following us on Twitter, Facebook, and LinkedIn. 

Blog Feature Image: 

17B02328_2016_NCSAM_Social_Post.png

October is often associated as the harbinger of Fall, cooling weather, the changing color of leaves, baseball’s World Series, and a “Trick or Treat”-filled Halloween. Unfortunately, with the growing number of global cyber attacks this year, October might see more “tricks” than treats.

Whether dropping malicious malware on your server, stealing your sensitive data, or holding your data hostage for ransom, cyber attackers are a very real threat. Bordering on the scary and creepy, there’s even a new Voldemort ransomware that’s rearing its ugly head this season. And those nifty Internet of Things (IoT) devices may make life more convenient―but more and more IoT devices are growing infested with stealthy malware.

Fortunately, you can take measures to raise your level of cyber awareness and stay on guard.

October is National Cyber Security Awareness Month (NCSAM), a month-long initiative to help organizations and consumers keep their online lives safe and secure at work and at home. Below are eight key tips for raising cyber awareness.

Top Eight Tips for Cyber Awareness

1. Make good security personal: Extend protection beyond your office walls; good security behavior benefits your employees at home as much as it protects your corporate environment. 

2.Baseline your security regularly: Understand your state of vigilance so that you can interpret the symptoms that lead to a security incident.

3.Get executive and board engagement: The human element of cyber risk is likely to be higher outside your IT department than within it. With early executive leadership buy-in, you can make your security culture all-inclusive.

4.Develop a cyber awareness plan: Security incidents happen every day. How do you identify the important incidents and ensure the business remains effective and up-and-running under all circumstances?

5.Promote security education company-wide: From the board to new hires, it’s essential everyone understands they’re responsible and accountable. They need to know what part they play in the bigger picture.

6. Plan for today and scale for the future: Stop applying quick fixes to security issues, unless they are aligned to a longer-term strategy.

7.  Be accountable: Understand what the regulatory, legislative, and peer-to-peer controls are that you need to adhere to. Make sure you have a clearly defined owner for each of these and an executive sponsor.

8. Don’t wait for it to happen: Test your processes, procedures, and people regularly. Make sure you have clearly defined lifecycles that reflect changes in business strategy, technology use, and culture. Make sure your strategy is current and effective for the business and the risks.

For more than 30 years, Symantec has made the online world safer, giving customers peace of mind and making the world around us a better place. Our primary goal as a leader in the cyber security industry is to give people the information and tools they need to defend themselves against professional cyber attacks―and to help them be safe and successful all year round.

Be sure to download the Symantec Internet Security Threat Report, Vol. 21 (ISTR) for more actionable insights on the global threat landscape. 

Blog Feature Image: 

LA-SPOTLIGHT[800x332].jpg

Heading to Symantec Spotlight LA “Defining the Future of Cyber Security” next week?

We’re excited to announce that Marc Goodman—one of the world’s leading authorities on global security and author of the New York Times best seller “Future Crimes: Inside the Digital Underground and the Battle for our Connected World”―will be the guest speaker.

Goodman will join Symantec CEO Greg Clark and Symantec SVP and CIO Sheila Jordan, who will keynote along with 2016 Rio Olympics Technology Director Elly Resende.

Symantec Spotlight provides a unique opportunity to join the world’s cyber security leaders in addressing real-world security challenges and is the gathering place of the next generation of security leaders. Initially kicking off in the United States and United Kingdom, attendees will find new ways to approach the future of cyber security and business transformation through thought-provoking keynotes, interactive sessions, and hands-on experience alongside industry leaders.

Symantec CEO Greg Clark and Symantec SVP and CIO Sheila Jordan will share their insights on how Symantec is defining the future of cyber security. Elly Resende will also be presenting a keynote at the LA event. Marc Goodman will share his vision of cyber crime in the future. Together, these speakers will arm you with the information you need to securely drive digital transformation in your business. This is a truly unique experience to help you address real-world security problems.

If you haven’t registered for Spotlight LA, there’s still space available, so be sure to sign up today!

Spotlight Los Angeles | Defining the Future of Cyber Security

October 13, 2016

Westin Bonaventure, Los Angeles, CA

Cost: Free

Register for the Spotlight | Los Angeles here.

What are you waiting for? Register now before it’s too late!

Blog Feature Image: 

Rose Symantec #2_0.jpg

From September 15th – October 15th the United States celebrates National Hispanic Heritage Month, celebrating the numerous contributions that generations of Hispanic Americans have made to the country. To some this month may pass by without notice, but to many of us, including myself, it is a time to celebrate our unique culture, our traditions. Additionally, it’s a time to reflect on the challenges we’ve faced as an ethnic community and the fantastic opportunities we face today. 

The Hispanic population in the United States has reached 57 million, making Hispanics the second largest population in the nation and the nation’s largest ethnic group[1]. However, when we look at the technology workforce it tells a very different story.

Hispanics comprise 15% of the US workforce, however, only 7% of technology jobs. Additionally, only 8% of computer science and engineering graduates are Hispanic (vs 57% white), and only 12% of Hispanic computer science and engineering graduates even go into technology jobs (vs 40% of Asian graduates)[2]. Hispanics are considered some of the savviest and most frequent technology users in the US, so where is the gap coming from?

When I began my career in tech at Intel Corporation, the story was the same. I was the only Hispanic female working in the finance organization with a graduate business degree, surprised at the severity of our under representation. However, what surprised me even more was what the company was doing to reverse this trend.  Located in a community with a high percentage of Hispanics, Intel was vocal about their commitment to have a diverse workforce that was representative of the headquarter community. I knew it was my time to advise the company’s Latino employee resource group (ERG) that was central in helping the company recruit and retain Hispanic employees.  

The experience was career and life-changing in many ways– I met colleagues that shared the same interests.  I learned how to motivate others, gain visibility and develop leadership skills that were vital to my career growth, during my 13 years at the company. 

Even more so, I felt a part of the solution– My hours spent mentoring youth, and attending recruitment events, was creating a pipeline of diverse talent for the company, and ensuring that stand out Hispanic employees had the chance to demonstrate their unique value.

An authentic commitment to inclusivity is tangible.

Symantec’s commitment to equality and inclusivity is something that has impressed me from the moment I walked through the door. I quickly joined the Symantec Women’s Action Network (SWAN) and was amazed at the authentic investment in supporting females. From events, to articles, to professional development opportunities, the company’s intention to change the status quo was so clear. 

Although, I am still very new to the company, I expressed my interest in joining the HOLA ERG and on Thursday, 9/29 we held our first event in honor of National Hispanic Heritage Month. The momentum for HOLA is still growing at Symantec, but I look forward to leading the charge and bringing my experience from my time at Intel.   

Rose Mendoza is Symantec's Marketing Programs Manager, Website Security 

Blog Feature Image: 

ThinkstockPhotos-511473492.jpg

 “Symantec is the global leader in cyber security. What we do, at Symantec, is not just a job—it’s a calling, demonstrated by our mission to keep the world’s information safe and reflecting our fundamental commitment to make the world a better place.” – CEO Greg Clark

Symantec currently protects over a billion Internet of Things (IoT) devices and is monitoring Internet threat activity in more than 157 countries and territories. Additionally, the digital revolution is upon us, and by 2020 Gartner estimates there will be 21 billion connected devices worldwide.

More of our lives and our personal information is stored online than ever before. Furthermore, the lure of this data has prompted an unprecedented surge in cybercrime activity. As the global leader in next-generation cyber security, our responsibility to protect is crucial to the vitality of businesses in every industry, to governments in every country, to people in every city.

From Our People to Your Information to Our World, Symantec launched our FY16 Corporate Responsibility Report demonstrating how – through our promise to protect the world’s information – we are creating opportunities and opening doors both within and outside our company, staying true to our commitment to make our world a better place.

Read the full report.

Symantec is making a $100,000 USD donation to one of three nonprofit organizations! Just provide feedback through our FY16 Corporate Responsibility Report Survey and you can vote for where it goes!

“Diversity is clearly part of Symantec’s culture. It’s one of the company’s core values, and we focus on diversity in all aspects of the company—it helps us to think differently and to aggressively innovate.” - Sheila Jordan, Chief Information Officer

Our ability to protect starts with a winning culture.

From top to bottom, Symantec is committed to creating a culture of winning, a workplace where leaders are positioned for success, where our unique perspectives are valued, where diverse backgrounds and ideas drive constant innovation, and where we unite yet challenge each other to drive impact for our business and society.

Our commitment to diversity and inclusion is rooted in the belief that our global workforce – both Symantec’s and our industry’s – should represent the diversity of our world.  Through our multi-pronged approach, we are creating a workforce that embraces every culture, language, age, sexual orientation, disability, background, and experience, as well as gives a voice to these differences:

• Our five Employee Resource Groups (ERGs) serve as ambassadors to the broader community. Through the advocacy of our Pride ERG, we now provide inclusive bathrooms at our headquarters and other main sites, and have published transgender inclusion guidelines to assist any employee transitioning during their Symantec tenure.
• In FY16, Symantec partnered with the Human Rights Campaign to advocate for marriage equality, denounce the Bathroom Bill and support the Equality Act in the United States.
• For the eighth consecutive year, Symantec scored a perfect 100 on theHRC (Human Rights Campaign) Corporate Equality Index.
• At the end of FY16, 72 percent of Symantec Cyber Career Connection (SC3) graduates were people of color and 24 percent were female.

Additionally, through our talent programs we are setting employees and leaders up for success by teaching them techniques to conduct difficult but necessary conversations, as well as how to influence others and communicate effectively, how to advance their roles as leaders of innovation, and through our Leadership Blueprint we make every employee feel like they are a valued member of a winning team on an inspiring mission.

When threats are shut down, doors open.

Our responsibility to protect information extends from fighting cybercrime to online safety education to addressing the growing cyber security workforce gap:

• In FY16, Symantec awarded 26 grants totaling $2,585,900 to fight cybercrime and support online safety.
• We engage in public policy debates worldwide and send our experts to testify in front of lawmakers and regulators.
• Launched in 2014, our Symantec Cyber Career Connection (SC3) program continues to inspire, train and provide vital professional support to disadvantaged populations providing an accessible pathway to long-term cyber security careers. 

Symantec’s Cyber Career connection (SC3) program addresses four key challenges across the workforce pipeline.

“We want to be the example for our industry, to also be a leader in corporate responsibility, a champion for diversity and inclusion, and a protector of the environment. We know that the work we do matters and we will continue to raise the bar.” – CEO Greg Clark

A resilient world is a prerequisite for a successful business.

Every day it becomes clearer that our ability to protect the future depends directly on recognizing the limits of our planetary resources. Through a sharp focus on environmental performance we are making our buildings and operations more efficient, advocating for clean energy, and working closely with suppliers to minimize impacts in our supply chain:

• We joined the Obama Administration and 140 other companies in the American Business Act on Climate Pledge to publicly play our part in promoting a low-carbon future. As a result, Symantec set a new goal in FY16 to reduce GHG emissions by 30 percent by 2025 (compared with FY15). As of FY16 end, we have already achieved a five percent reduction against our baseline.
• We have been listed annually on the Dow Jones Sustainability Index since 2007, and on the CDP Climate Disclosure Leadership Index since 2013.
• Approximately 43 percent of products are Energy Star certified, and nearly 29 percent of products are in the process of being Energy Star certified.
• This year, Symantec became a full member of theEICC (Electronic Industry Citizenship Coalition). Approximately 47 percent of suppliers have environmental and corporate responsibility requirements in their contracts and all of these have completed EICC self-assessments enabling us to assess their risk level.
• We continue to examine our suppliers on conflict minerals and aim to validate all products manufactured for Symantec as “conflict free” across all four minerals (tantalum, tin, tungsten and gold) by 2017.

Additionally, through our targeted philanthropy program we invest our time, technology and know-how in the areas we can impact the most - STEM, diversity, online safety, and environmental responsibility:

• Through our Take5! global volunteering campaign, we logged 28,782 hours of employee volunteer time, equating to 2.5 hours for each of the 11,430 employees with whom we ended the year.
• Through our Software Donation program together with TechSoup, we donated $20.8 million of software (retail value) to 22,796 nonprofits in FY16.
• Through partners such as the World Association of Girl Guides and Girls Scouts (WAGGGS), the Boys & Girls Club, Teach for America and others we engage and inspire young females to let go of stereotypes, realize the opportunities in STEM and pursue their passions. 

We invite you to read our full FY16 Corporate Responsibility Report online. 

Blog Feature Image: 

RansomwareGraphic-1.png

A nightmare scenario occurs: your computer system locks up, files are suddenly encrypted and inaccessible, and a menacing message demands a ransom payment to restore it. Ransomware has struck—and you’re the target.

According to Symantec’s ISTR Special Report: Ransomware and Business 2016, the past 12 months have seen ransomware reach a new level of maturation as cybercriminals target consumers and businesses. The report found new ransomware families discovered annually reached an all-time high of 100 in 2015; the average ransom demanded by attackers has jumped to $679.

And it’s not just consumers targeted by ransomware attackers; organizations need to be fully aware of the threat posted by ransomware.

“Organizations should certainly be concerned about ransomware. The most widely distributed forms of ransomware are spread through major spam campaigns which are completely indiscriminate, hitting both consumers and organizations,” said Dick O’Brien, co-author of the ISTR Special Report: Ransomware and Business 2016 and Senior Information Developer, Symantec. “Furthermore, a growing number of ransomware attack groups are specifically focusing on organizations with targeted attacks designed to infect multiple computers and cripple the organization.”

The rise of crypto-ransomware

The ISTR special report found the shift towards crypto-ransomware explained by the effectiveness of ransomware. The victim may remove the malware but the files will still be inaccessible due to unbreakable encryption. If no files are backed up, the victim must pay the ransom as the only way to recover the files. The report found that this crypto-ransomware model has been perfected over the past two years and is now one of the rising types ransomware.

“Virtually all of the new ransomware families emerging at present are crypto-ransomware. This trend isn’t surprising, since crypto-ransomware is the most dangerous form of ransomware. It’s capable of locking the victim’s files with unbreakable encryption. Unless they have backup copies, the only way to retrieve them would be through paying the ransom. It took a while for ransomware groups to perfect crypto-ransomware, but now that most have mastered effective encryption, it’s become ubiquitous,” explained O’Brien.

Which organizations are likely to be infected?

While almost all sectors have been hit by ransomware, some types of organizations appear to be harder hit than others. The report found that the Services sectors, with 38 percent of infected computers, was the most affected sector by ransomware between January 2015 and April 2016. Manufacturing, Finance, Insurance, Real Estate, and Publication Administration followed as top targeted sectors.

While it’s unclear why some sectors are more affected than others, one potential explanation is that organizations with high levels of integration and different internet services tend to have higher exposure to infection risks.

Ways ransomware can infect a computer

Malicious spam email is one of the most common methods to spread ransomware and malware in general. Botnets, or networks of compromised computers, distribute a large number of spam emails that use social-engineering tactics to trick victims. Ways to compromise computers and invite infection include opening malicious attachments or clicking on a link that points to an exploit kit.

Exploit-kit attackers comprise third-party web servers and inject iframes into web pages hosted on them. Malicious links in spam email or social media posts and malvertisments are other tactics criminals use.

Mobile ransomware leads the way as a top malware type in 2015, according to the Symantec/Blue Coat 2015 State of Mobile Malware report. With the increased performance capabilities of modern smartphones, it was only a matter of time before more advanced cryptographic ransomware, such as SimpleLocker, started showing up on mobile devices. These threats render music files, photographs, videos, and other document types unreadable—while typically demanding an untraceable form of payment such as Bitcoin—and employing a strict time limit for payment before the files become permanently inaccessible to the owner.

Businesses: the next big target

The Symantec ISTR Special Report: Ransomware and Business 2016 found that cyber criminals are increasingly targeting the business space for higher profits. The report found the following trends in attack campaigns:

• Business email contain scams that try to trick C-level executives into making large wire transfer payments.
• Bug-poaching attacks involve attackers compromising corporate servers, stealing data, and requesting a fee for information on how the attack was carried out.
• The Carbank Gang targets banks directly rather than bank customers.

While some organizations are hit in indiscriminate campaigns, where employees open a malicious email or visit a malicious website, some enterprises are becoming victims of more targeted ransomware attacks.

For more detailed information, “Case Study: Anatomy of an Advanced Ransomware Attack” and “Case Study: Ransomware as a Decoy” are included within the ISTR Special Report: Ransomware and Business 2016. The two case studies not only provide narratives of the attack campaign, but share insights on lessons learned.

Protection against ransomware

Whatever you do, don’t pay the ransom. There's no guarantee your files will be released, and if you succumb to the scam, you may make yourself vulnerable to more scams.

“The most common method of ransomware distribution is spam email and everyone needs to exercise extreme caution. We would advise people to immediately delete any suspicious emails they receive, especially those containing links and/or attachments. They should also be very wary of Microsoft Office attachments that prompt users to enable macros. Attackers often use malicious macros to deliver malware through Office documents,” said O’Brien.

But there are strategic/tactical ways you can protect yourself and your organization from falling victim to ransomware. Symantec recommends the following five steps to prevent ransomware:

1. Back up your computers and servers regularly.
2. Lock down mapped network drives.
3. Deploy and enable all Symantec Endpoint Protection technologies.
4. Download the latest patches and plug-ins.
5. Use an email security product to handle email safely.

View the full Symantec ISTR Ransomware infographic.

“Adopting a multi-layered approach to security minimizes the chance of infection," said O’Brien. "Using an email security solution should remove the chance of you accidentally opening malicious email and malicious attachments in the first place. Symantec intrusion prevention system (IPS) technology can detect and block malicious traffic from exploit kit activity, preventing the installation of ransomware. Meanwhile Symantec Endpoint Protection technologies can detect and block known ransomware families, in addition to detecting suspicious behavior by new and previously unknown malicious files.”

Be sure to check out the following for more insights:

ISTR Special Report: Ransomware and Business 2016

“The Evolution of Ransomware” Symantec white paper 

Also, don't miss the upcoming October 18th Symantec webcast,"Anatomy of a Ransomware Attack".