
Changing User Behavior is Key

September 23, 2010

My colleague, Ryan Smith, recently wrote about Defense in Depth and talked about the fact that, regardless of how many tools and techniques an organization implements to prevent infection through malware, they won’t be able to stop every infection. I agree, and would take that a step further to say that it’s practical to assume a certain percentage of systems will be infected at some point during the course of a year. Therefore, it’s extremely important to create a methodology so that you can find infections within a reasonable timeframe and mitigate the loss of information associated with a breach.

Here are two long-term strategies that you can implement and develop over the course of time.

  1. Information policy - Compensation tied to security metrics is a strong initial method to create change in company culture. Metrics should be simple and address basic security requirements that can be easily measured, such as total number of system vulnerabilities. If incentive compensation isn’t your organization’s bag, at a minimum you should create and notify employees of a policy to conduct regular, unannounced social engineering tests. The results of the tests should be immediately returned to employees along with information about further security training, as required. Information policy won’t ensure the safety of your organization, but it will help reduce the footprint of exposure through a very common method of infection: users accepting malicious email or clicking through to malicious sites unintentionally while surfing the Internet.
  2. Define the access of confidential data - Data policies need to define what constitutes critical data, who has access to the data, and where and how the specific data should be stored. The goal is to know who and what the real threats are in order to identify the risk. By removing the ability of most users to access confidential data, you can focus your efforts on more stringent requirements for those users and systems that do have confidential data, helping you to avoid a costly breach.

Information policy and defining (and limiting) the access of confidential data will enable you to change user behavior so that you can minimize the threat and respond more quickly as infections occur. There are also some tools and techniques that you can use in the short term to quickly address the current infection of systems. I’ll talk about those in my next blog posting.

