Monday, November 15, 2010

Koobface points out weakness in current security training

Koobface, the network worm that preys on social networking sites like Facebook, points out that fighting malware needs more than just technology.

In reading Nart Villeneuve's exhaustive analysis (PDF), you can see that the scammers were not using very high-tech, hidden means to infect users. It is just like the old email routine in which users were asked to download and install a piece of software.

Gee, isn't that something we've been told not to do, over and over again?

I believe this was successful due to the lack of vigilance on the part of the users. There is so much information and misinformation regarding malware that users are getting overwhelmed and desensitized.

That's a dangerous thing!

We face this problem in real life as well as in cyberspace. We complain if airport security is too slow and we complain if our email gets blocked by spam filters. We turn our day-to-day security over to the Dept of Homeland Security, and we ask the CSO and IT to be the sole group responsible for security in our organization.

As individuals, we need to be more observant in dealing with both real-life and cyber threats. Organizations need to provide updates and training to their members and employees frequently.

Organizations are asked to hold "sexual harassment" training and periodic fire drills. But how many organizations have frequent "cyber security awareness" training?

Isn't it time we elevate Cyber Security to the same level of awareness as the other threats?
