Security executives may be fretting too much about e-mail users downloading viruses from spam, according to results...
of a unique survey conducted through the use of simulated spam messages containing mock virus attachments.
The survey by Seattle-based WatchGuard Technologies Inc. suggests that security managers should target specific types of users, particularly extroverts, for e-mail education. And they should be particularly wary of messages referring to social encounters.
That's a conclusion drawn from ongoing results collected from companies using free software from WatchGuard's Web site called ClickAware, which sends out simulated spam messages. When recipients download the mock virus attachments, they receive warnings instead of malicious code, and admins get a record of the event.
Few e-mail users, just 2%, have been fooled by the more than 33,800 ClickAware spam messages already sent by administrators at 185 companies.
"It's good news and bad news," said Steve Fallin, director of WatchGuard's rapid response team, which monitors emerging security threats for the company's clients. "People are becoming sophisticated enough on their own to recognize spam."
Just one virus-bearing message that evades a company's security measures can wreak havoc on any network.
"It only takes one message to get through," said Martin Hall, who heads the semi-annual conference INBOX and edits the Weblog INBOX Perspectives. "There is no huge effort at user education at the moment. A lot more needs to be done."
Security execs should continue to strive for 100% awareness and compliance with e-mail usage policies, Fallin said. They should also use their ClickAware data to profile gullible e-mail users, "and compare their ratings for particular messages against those from other ClickAware users," he said.
Rather than the office wallflower, for example, you may want to focus your education and surveillance efforts on the office flirt and hotshot executives. Spam messages with the subject lines "Very cool picture only for you" fooled 8% and "Re: Thanks" (7%) are up to eight times likelier to trick users into downloading their attachments than those reporting a failed message delivery (1%) or promising a Microsoft patch (3%), according to the ClickAware survey.
Another study, by a U.K. researcher investigating e-mail use in the office, supports WatchGuard's findings. That study, by a Ph.D. student at the University of Surrey, found that when people are working on dull or intensive tasks, they often choose to respond to an e-mail interruption to boost their well-being.
While the Surrey study does not directly address spam and attachments, it does suggest that restless, outgoing types are more likely to seek to escape their boredom inside their inbox.
"Personality factors may play a part here," said Emma Russell, the University of Surrey researcher. "Extroverts, who naturally require more stimulation, may get a bigger boost from dealing with an interruption, compared with introverts, who find extra stimulation can overload them cognitively."
Dig Deeper on Security Awareness Training and Internal Threats-Information