Last Updated: 2015-10-05 15:14:09 UTC
by Johannes Ullrich (Version: 1)
This cartoon by John Klossner really hit a nerve with many security professionals. It nicely illustrates how many of us see the futility of our jobs: We can buy all the greatest and latest equipment, but in the end, we are up against users clicking on links and installing software that they shouldn't. Cisco recently published a statistic that 40% of all users who hit one of the recent exploit kit landing pages are getting infected by one of the exploits delivered by the exploit kit. Brad keeps telling us about the various methods for spotting exploit kits, and how they evolve over time. In the end, any user we can keep away from an exploit kit page is a "win".
This October, like in years past, we "celebrate" cyber security awareness month. The idea is to use this month for some special security awareness activities. In the past, we used a specific theme for our diaries in October. This month, we will have a couple of specific diaries about tips and tricks in awareness training. If you want to share any tips, please let us know.
Here are a couple of resources:
SANS Securing the Human: http://www.securingthehuman.org (in particular the "Ouch" newsletter)
SANS "Tip of the Day": http://www.sans.org/tip_of_the_day.php
Past CSAM Diaries: https://isc.sans.edu/tag.html?tag=2010%20cyber%20security%20awareness%20month
Information about Cyber Security Awareness Month (and links to more resources):
And if you need more inspiration for your own campaign, here are more of John's security-related cartoons: http://jklossner.com/computerworld/security.html