Should training to spot malware be more common?

James Pavett

Recent research from the University of Texas at Arlington suggests that business leaders and employees are overconfident when it comes to spotting phishing attacks.

Phishing is one of the most common cyber-criminal activities as it is quick, easy and low cost for the hacker. Phishing is an attempt to obtain personal information, from passwords and usernames to financial and credit card information.

Phishing emails are the most common form: malicious emails disguised as coming from a trustworthy source, such as HMRC, a bank or iTunes. The email is used as ‘bait’ to entice the victim into handing over details that are of value to the hacker, using hooks such as ‘you are owed money’ or ‘account verification’.

These emails can be sent to personal email addresses, but also to work and business addresses. The new research from the University of Texas at Arlington says that people at work are overconfident when it comes to dealing with phishing emails.

Jingguo Wang, the associate professor leading the research, says that there is a need for a system in place to regulate the over-confidence in staff, noting that there was a continuing theme of ‘users are the weakest link’.

Mark James, ESET IT Security Specialist, discusses whether phishing awareness training should be implemented in businesses.

“Phishing awareness is a good thing.

“These types of attacks can come in many forms, and helping the end user spot the different means and methods, current or past, will help them spot future attacks.

“We need to be careful using the term “users are the weakest link” as it implies users are stupid.

“This is very far from the truth, but the simple truth is we as users need to be 100% successful in blocking malware or phishing attacks whereas the attacker only needs to be successful once.

“It’s important we place the user in the “being part” portion of security.

“Users are a very important aspect in protecting your business; they can be, and often are, the first point of contact for malware, so for them to be most effective they will need as much help as possible.

“Software and policies will help them but awareness and knowledge is just as important.”

 

Would you like to see more training in spotting phishing and other types of malware? Let us know on Twitter @ESETUK

 
