Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Posted By: IT Wiser
Stopping Malware: End-User Training Is Critical
Malware is defined by Cisco as “code or software that is specifically designed to damage, disrupt, steal, or in general inflict some other ‘bad’ or illegitimate action on data, hosts, or networks.” The interesting thing about malware is that it can be deployed automatically, by taking advantage of computer system vulnerabilities, or by fooling end-users into participating in some sort of activity enabling installation of the software or code. This second method of deployment is why end-user training is so critical to stopping malware.
The need for end-user training is made evident by a recent Cisco study that suggests careless end-users are putting themselves and their employers at risk of serious malware exploits. Study results were based on surveys given to 1,700 IT security experts from nine countries, including the UK, the US, and Germany.
According to the report, cyber criminals are taking advantage of careless end-users to launch targeted campaigns against certain types of industries, most notably pharmaceuticals and industrial chemicals. It only takes one or two careless users to open the door for a comprehensive attack against a large computer network.
End-user training to stop malware should be designed around educating employees about the tactics used by cyber criminals to deploy malicious code. One of the most popular tactics is attaching malware to a seemingly legitimate piece of software that users might download and install on their computers. Malware can also be deployed by taking advantage of end-user ignorance regarding e-mail links and attachments.
End-users need to be trained in how to spot potential exploits in their early stages. Standards for downloading and installing software applications should also be established and strictly enforced. Lastly, workers should be educated about the risks associated with transferring data between home and work computers. Every opportunity for an end-user to be exploited for the purposes of deploying malware needs to be addressed in end-user training.
More Sophisticated Attacks
In in addition to the information about end-users, the Cisco report also deals with the reality that cyber criminals are becoming more sophisticated in their attacks. For example, Cisco illustrates how attackers have developed new ways of sending smaller volumes of spam across larger networks, utilising multiple IP addresses, in order to avoid detection. They have also developed ways to complete specific tasks and then quickly leave a given channel before being detected.
Cyber criminals know that security experts and law enforcement are working very hard to put an end to their criminal activities. However, they also know that their chosen line of work is financially lucrative. Therefore, there is no reason to believe that those who orchestrate such network attacks will stop any time soon. Companies of all sizes need to take a more aggressive approach to security – with hardware, software, and end-user training.
IT Wiser can be part of the solution for your company. We offer a number of anti-virus, anti-malware, and other security solutions to protect your online environment. Please do not hesitate to contact us for more information. We have a solution that will make your company safer, regardless of your need.