Threat Protection - The Human Component

When it comes to protecting users from viruses, spam, and other malware, there's only so much technology can do. The real problem, it seems, is people.

"You can only put so much faith in technology," according to Jamz Yaneza, senior threat analyst at antivirus and content security firm Trend Micro Inc.
"For whatever reason, the knowledge worker doesn't necessarily understand the vastly different perils possible being online, versus pen and paper. Applying the same real-world trust level on the Internet has ultimately been the reason so many users still routinely click on attachments apparently coming from their
office friends and kin."

While large global threat outbreaks have declined over the past five years, malicious software attacks continue to pose a significant threat. The results include lost time, lost resources, and lost opportunities. To make things worse, malware is growing more sophisticated, with attacks presenting even greater dangers than in the past.

In a white paper report published in May 2005, research firm IDC stated that "The motives and intentions of virus writers have changed drastically over the past few years. In the past, amateurs seeking notoriety typically created worms and viruses to destroy data. Today, more sophisticated attackers, often
professionals and organized crime, are increasingly using worms, spam, spyware, and viruses to obtain credit card numbers, bank account information, and other confidential information to perpetrate identity theft or competitive disruption. The sophistication and scale of online frauds and identity thefts are increasing
at a rapid pace."

What's needed to protect corporate and individual systems from the threat of malware? According to Yaneza, the answer includes vigilance, education, and innovation. "External and internal threat issues require organizations and individuals to stay on top of security issues," he explained, "such as having security policies in place, having policies for screening e-mails, etc. There's no answer from a simply technological point of view."

While anti-virus updates, patches, the rise of managed services, and a mix of security protocols and policies present everyone with immense challenges, there is, indeed, a light at the end of the tunnel. It's called shared responsibility.

"Vendors need to go directly to end-users to educate them about safe surfing," said Yaneza. "Threat protection is a never-ending struggle. Everyone has to have some involvement in securing the business."