Organizations are Not Managing People and Awareness Ongoing…Do you Know Who is?

Tuesday, May 18, 2010

Katie Weaver-Johnson


Cyber Criminals, Terrorists, Competition, Social Networks, etc.

A few weeks ago, security vendor McAfee caused widespread concern when it revealed that a problem with its antivirus product caused some Windows XP systems to crash.

Who was the first to react to this incident?

Cyber criminals.  By utilizing advanced blackhat search engine optimization techniques, criminals were able to ensure that their malicious web pages were returned first in a search for information regarding McAfee.  When clicked, the malicious links infect the Users with scareware and trick them into thinking they are infected and must pay a fee for antivirus software to fix the problem. 

Now more than ever, breaking news is being hijacked by cyber criminals, often before you (or your employees) may have even learned of it. 

We have seen criminals take advantage of many recent events, the Icelandic volcano, pandemic flu, the economic crisis or celebrity stories.  So, how can you protect your employees and your organization from falling prey to these social attacks?

Ongoing awareness and lessons learned.  It is critical for organizations to continuously update their employees and third-parties on new risks, new threats, best practices, etc. as risks (and bad guys) are sophisticated and constantly changing. 

We recommend that organizations utilize real-world lessons learned (like the McAfee incident above) to illustrate to employees the threats that exist and how they can protect themselves and their organizations.  Your organization can pair this case study with a policy reminding Users they cannot afford to blindly trust the results offered by search engines, but rather they must verify that the sites they are visiting are secured and trusted. 

Once-a-year General Training is Not Enough.  How are you ensuring your employees and third-parties are updated ongoing with improved situational awareness and accountability?

Possibly Related Articles:
Viruses & Malware
virus malware
Post Rating I Like this!
Ray Tan Good article.
It needs a series of measures to avoid being attacked, user awareness training, policy and so on.
Katie Weaver-Johnson @Lance,

Thanks!! I saw that this morning; exciting!

Thanks for all your efforts at Infosec and for promoting our blogs!

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.