Responding to a report that predicts a significant increase in
malware and phishing in the weeks ahead, Avecto says that companies
need to revisit and refine their strategies for dealing with the
problem - before it is too late.
"Whereas before they would wait until the end of the daylight
period before checking their social emails - from home - staff are
now starting to check their social emails soon after the afternoon
coffee break. It's all down to human nature, and with social events
such as Halloween and Bonfire Night on the horizon, they will be
getting a variety of fun attachments into their mailboxes," he
said.
"This is what we call a malware flashpoint in the IT security
industry - the times of the year when the risk of staff clicking
through onto something that they would normally avoid suddenly
rises. This is exactly why our colleagues at GFI have been
observing a surge in malware in recent weeks, and are predicting
that this trend will increase in the weeks ahead," he added.
Kenyon went on to say that the fact the research highlights the
ability of cybercriminals and scammers to quickly respond to
high-profile events and exploit Internet users' online search
behaviour should send IT security professionals scrambling to
review their security defence strategies.
The Internet world, with all its threats, has moved on
significantly in the last 12 months to the point where scammers are
using every trick in the book - and a lot of new ones too - to
persuade users to `click through' on links when they really should
know better, he explained.
The Avecto COO says that these issues are the reason why October
has been designated National Cyber Security Awareness month in the
US, and why UK private and public sector organisations will be
hosting the National Identity Fraud Prevention Week between the
17th and 24th of this month.
This, he adds, is the time when the threat that the Internet
poses both to consumer and business users starts to rise as the
world - and his/her spouse - gets ready for the winter celebrations
that culminate in Christmas. And that's why these Internet security
campaigns are timed to help educate users about the real risks they
are likely to encounter.
So what, says Keynon, can the forward-thinking IT security
professional do to help prepare for the weeks ahead?
The solution, he says, is to plan ahead on the basis that, while
your existing IT security defences will help to stop most of these
threats, there is a real risk that some of the threats will be
successful. It is therefore crucial to prepare an updated security
strategy to account for a worst-case scenario.
This means, he adds, that IT security managers need to be able
to lock down their internal IT systems and reduce the risk profile
of all their systems. For most organisations, he notes, this
involves reducing the risk that a member of staff will cross-infect
another user or systems if their terminal is compromised.
"Put simply, this means limiting each member of staff to those
IT functions that they truly need to carry out their job
effectively, and locking down all the other functions, as they only
serve to increase the risk of something going wrong - and for no
good reason," he said.
"This is where effective privilege management enters the frame.
Good Windows privilege management means allowing, for example, IT
management access to those elements of the supervisory computer
systems that they need access to. Equally, the nice-to-have - but
not essential - `side system' access that many IT professionals
often have from their accounts should be locked down," he
added.
"Privileged account management is all about balancing the
technology requirements of each member of staff with the risk that
allowing access to that technology entails. This is all part of the
GRC - governance, risk management and compliance - balancing act
that is modern IT security management."
