Malware awareness update
Malware (malicious software) has been a concern for nearly five – yes five – decades. It’s an awareness topic worth updating annually for three key reasons:
- Malware is ubiquitous – it’s a threat we all face to some extent (even those of us who don’t own or use IT equipment rely on organizations that depend on it);
- Malware-related risks are changing – new malware is being actively developed and exploited all the time, while technical security controls inevitably lag behind;
- Security awareness is vital to prevent or avoid malware infections, and to recognize and respond promptly and effectively to those that almost inevitably occur.
Last year, we focused on crypto-currency-mining Trojans, and it was ransomware the year before that. Both remain of concern today. That’s the thing with malware: new forms expand the threat horizon. Much like the universe, it never seems to shrink.
Developing engaging and accessible awareness and training content on the current state of malware is quite a challenge. Malware is a complicated and dynamic field, a seething mass of issues that are hard to pin down in the first place, and awkward to describe in relatively simple and straightforward terms.
However, so long as malware risks remain significant, we can’t afford to ignore them. Luckily, generic control measures such as workers’ vigilance, patching, backups, incident management and business continuity management are appropriate regardless of the particular incident scenarios that may unfold.
Antivirus software is part of the solution – a major part, admittedly – but while it is necessary, it is not sufficient. That’s one of several awareness messages this year.
I'm especially pleased with the new 12-page 'Malware encyclopedia'. It turned out nicely, injecting a little humor into what might otherwise have been a desperately dull and depressing awareness module.