March’s awareness topic: malware update 2018

Outline and scope New this month

Click to track our blogThe malware (a.k.a. “virus”) threat has been with us for since the 1970’s when Creeper infected DEC PDP-10s and ANIMAL hit Univacs.  The Morris Worm was a wake-up call on the early Internet way back in 1988: perhaps thirty years ago we should have pressed the snooze button rather than canceling the alarm!

Today we are battling hundreds of millions of new malware variants discovered every year, so many in fact that it even naming them is a challenge.  And today’s viruses don’t just play annoying jingles or turn our displays upside-down: those oh-so-amusing old-skool pranks and proofs-of-concept have long since given way to criminal enterprise and cyberwarfare, no laughing matter.  Businesses are threatened.  Lives are in danger.

A year ago, ransomware was headline news - literally in the case of ransomware attacks on the UK’s National Health Service and several other high-profile organizations during 2017.  According to recent reports, ransomware has declined while cryptomining malware has risen out of nowhere over the past six months or so to become the malware-du-jour ... but is it a genuine threat or just a trivial drain on resources? 

“Malware the Movie - Part XIV” is playing out right now in millions of organizations around the globe.  Are you sitting there, petrified, or up on your feet, dodging silver bullets? 

In the latest awareness module, we explore the current information risks associated with malware (including crytpominers) along with the associated security controls - of which, security awareness is arguably the most cost-effective option.  No matter how much you spend, antivirus software and other cyber-controls are never going to solve the malware problem for you without awareness and training, along with malware policies, procedures and strategies to spot and react to the virus menace mutating before our bleary eyes. 

Learning objectives

The 2018 malware awareness module:

  • Introduces and explains malware in plain English, providing general context and background information, emphasizing what’s new in this area;
  • Expands on the associated information risks and controls;
  • Emphasizes the practical things workers can and should be doing to mitigate or better still avoid malware risks.

Think about your learning objectives in relation to malware.  In your situation, what has changed since your awareness program last covered this topic (if ever!)?  Are there particular facets or issues you would like to bring up this time, perhaps specific malware incidents that you or your neighbors, competitors and others have suffered? 

The new module is crammed full of creative ideas and angles to catch your workers’ attention - PowerPoint slide decks, briefing papers, leaflets, posters and more.  The management stream updates managers on today’s malware risks, emphasizing the value of a framework of complementary controls rather than a myopic focus on, say, antivirus: it’s necessary but not sufficient. 

So what is your corporate strategy with respect to malware?  What governance arrangments, policies and procedures, and metrics do you have in place?  Are they up to date and relevant to the current situation?  Or is it just a matter of time before “Malware the Movie” becomes your nightmare?

Get the new module

Subscribe to the NoticeBored service to receive the new module, plus further batches of fresh awareness goodies every month.  We offer a wealth of creative, eye-catching materials making it easy and economic for you to run a world-class security awareness and training program.

Email us to set the ball rolling.  Find out exactly what is provided in the latest pack, and speak to us about getting your security awareness and training program quickly up to speed, for a lot less than you might think.  We’re a small company with a big reputation for quality and innovation.

Let us infect you and your colleagues with our passion for security awareness

Home > NB this month >

Copyright © 2018 IsecT Ltd.