Security awareness training is an essential requirement for any organization employing IT. Employees should be trained to recognize social engineering attacks or “head hacking,” where the weakest link in the chain may be the users themselves, rather than an unpatched application or malware. Be suspicious of potentially targeted attacks and understand what the escalation process is. Individuals must take some responsible for the overall IT security of an organization – not just the IT managers and security officers. They should be able to recognize typical scams such as advance-fee fraud (commonly known as 419s) and phishing attacks, and report missed spam e-mails. Adherence to the IT policies is important and understanding the reasons is critical to ensure employees remain committed and don’t become rogue.
Example: Phishing1 – Phishing continues to be a serious problem, with many computer users finding it difficult to distinguish phishes from legitimate e-mails. There are several common “angles” for these attacks. Some, like this example, require the recipient to confirm their details, often under the guise of enhancing security.
Security experts estimate that Conficker, a particularly malicious worm, targeting MS Windows, has already infected more than 7 million computers around the world. Last year, there was much hype that the Conficker worm would cause an April 1 meltdown, although security researchers said such fears were greatly exaggerated. Still, Symantec says the botnet could still "wreak havoc." But worms are not the only threat out there. As IT Business Edge blogger Mike Vizard explains:
"The problem is that the way we approach data security these days is largely defined by the way IT sees the world, which is through layers of horizontal products and technologies. What IT doesn’t really have a handle on is what specific individuals have access to what kind of information because they are associated with a specific business process or task." These are just some of the major threats that Symantec Hosted Services says are facing companies. Click through to view the top five security threats you should be on the lookout for.