Our organization has a high level of turnover, which means there are new users coming in all the time with little-to-no...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
security knowledge. Because of this turnover, we continue to have problems with scareware in particular, as employees are downloading fake antivirus, which then overruns our network. What is the best way to get this stuff out of our organization, considering our security awareness training can't seem to keep up?
While security awareness training is one of the most important aspects of a security program, there are times when technical controls must be put into place to stop or better manage specific security threats. In a situation where there are new employees with minimal security knowledge, it's probably best to rely less on security awareness and to carefully implement the necessary technical security controls. However, you should still ensure you have adequate security awareness training. This training should be about more than how to create a secure password: It should include education on phishing, social engineering and, of course, fake AV malware, among other things.
When it comes to scareware removal, first determine the root cause of the scareware and fake antivirus infections. If users are clicking on links from email and being directed to malicious webpages, becoming infected after clicking on rouge ads, or by other means, the network defenses might be slightly different; however, many of the same host security controls may be the same.
If you have difficulty determining the root cause of the infections, try comparing the security controls or settings of the infected systems with those of systems that are not getting infected, and adjust the infected systems' controls accordingly. If systems are not being adequately cleaned of malware, you may want to try rebuilding them to ensure the malware is completely removed. If you cannot determine the root cause of the infections, you may want to start with additional host security. To identify additional systems that are infected, monitor the network for outbound access to which known infected systems are connecting, or scour potentially infected systems for similar executables as those that are on the known infected systems.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Nick Lewis
Conficker malware was found in a German nuclear power plant computer system. Expert Nick Lewis explains the possible impact of malware infections of ...continue reading
OneSoftPerDay, an adware program can install backdoors on PCs, is able to avoid detection from antimalware tools. Expert Nick Lewis explains how to ...continue reading
The hot-patching feature in Windows servers is vulnerable to attacks from APT groups. Expert Nick Lewis explains what hot patching is and how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.