We've just released the March security awareness module on malware.
The Stuxnet worm has been the talk of the information security, SCADA/industrial control and critical infrastructure protection communities for some months now: we asked ourselves what makes Stuxnet so newsworthy, and why are information security professionals so concerned about it?
Stuxnet marks the end of a period of naïveté if not denial and confirms, beyond reasonable doubt surely, that nation states have started investing in and deploying sophisticated malware for national/political ends. The ability to control and update the worm remotely means we are facing new wave of malware, capable of changing chameleon-like before our very eyes to evade antivirus software, exploit zero-day vulnerabilities and attack new targets.
Would you consider Stuxnet to be a game-changing escalation in the risk or merely a continuation of the ongoing 25 year battle against malware? Either way, the discussion within your organization could be a worthwhile awareness exercise in its own right.
We have updated all of the materials in the module and written new ones, particularly on Stuxnet which may be a complex incident but illustrates some important lessons on malware.
