Security professionals and organizations spend a lot of time
researching viruses and informing users about their characteristics and about
security practices that prevent infection.
All the awareness and training is enough to make most people question the
validity of content found on the Internet and of e-mails received from various
parties. So when information about a new virus is released and distributed,
we tend to devote a good portion of our time to learning about it.
Learning about new viruses is not such a bad thing, unless we are
wasting our time learning about a virus that does not exist.
Messages that contain information about viruses that do not
exist, and that users circulate intentionally or unintentionally, are known as
virus hoaxes. At first, they may seem harmless. The fact of the matter is that
virus hoaxes can be as costly as or more costly than a true virus. It has been
calculated that a single virus hoax can result in monetary damages totaling
$41.7 million. In other calculations, it has been estimated
that a virus hoax can cost an organization $100,000 or more (Grocott, 2001).
So how does an organization accrue monetary losses if its
employees receive a virus hoax? It’s relatively simple. The organization
begins to lose money as soon as employees receive the virus hoax message and
start spending their time reading and interpreting it.
Money is also lost as network resources are used to forward the
message to others or to delete it. The organization’s reputation can be
affected as users forward the message to others,
which can also result in the organization losing money. Last, users can become
complacent as they are exposed to more and more virus hoaxes. The
increased complacency may cause users to disregard valid virus warnings and
expose the organization’s network resources to malicious content (Grocott,
2001).
The best way to mitigate virus hoaxes is to educate users on
identifying them. Some of the telltale signs of a virus hoax are: the sender
is not a trusted source; the message displays a warning about a destructive
virus; it contains many words in all caps; it instructs users to forward it to
everyone they know; it states that a credible source issued the warning; it
states that the virus is very severe; and/or it describes the virus using
simple technical terminology (Taylor, Fritsch, Liederbach,
& Holt, 2011, pp. 131-132).
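The checklist above can be turned into a simple triage filter. The following Python sketch is an added example, not taken from the cited sources: it checks six of the seven signs (the "simple technical terminology" sign is left to human judgment), and the phrase lists, thresholds, addresses and sample messages are all constructed assumptions.

```python
import re

# Assumed phrase lists and thresholds for illustration; tune them locally.
DESTRUCTIVE = re.compile(r"\b(destroy|erase|wipe|delete)s?\b", re.I)
FORWARD = re.compile(
    r"\b(forward|send|pass)\b.{0,40}\b(everyone|everybody|all your)\b", re.I | re.S)
AUTHORITY = re.compile(r"\b(announced|confirmed|issued|reported) by\b|\baccording to\b", re.I)
SEVERITY = re.compile(r"\b(worst|most destructive|no (cure|remedy)|extremely dangerous)\b", re.I)
CAPS_WORD_MIN = 5   # assumed meaning of "many" all-caps words
HOAX_SIGN_MIN = 3   # assumed number of signs that warrants a report


def hoax_signs(sender, body, trusted_senders):
    """Return the names of the hoax signs that the message matches."""
    signs = []
    if sender.lower() not in {s.lower() for s in trusted_senders}:
        signs.append("untrusted_sender")
    if re.search(r"\bvirus\b", body, re.I) and DESTRUCTIVE.search(body):
        signs.append("destructive_virus_warning")
    # Count words of three or more letters written entirely in capitals.
    caps = [w for w in re.findall(r"\b[A-Za-z]{3,}\b", body) if w.isupper()]
    if len(caps) >= CAPS_WORD_MIN:
        signs.append("many_all_caps_words")
    if FORWARD.search(body):
        signs.append("forward_to_everyone")
    if AUTHORITY.search(body):
        signs.append("cites_credible_source")
    if SEVERITY.search(body):
        signs.append("claims_extreme_severity")
    return signs


def looks_like_hoax(sender, body, trusted_senders):
    """True when enough signs match to send the message for review."""
    return len(hoax_signs(sender, body, trusted_senders)) >= HOAX_SIGN_MIN


# Constructed sample data.
TRUSTED = {"it-security@example.com"}
HOAX_MSG = ("WARNING!!! A NEW VIRUS was announced by a major vendor yesterday. "
            "It will ERASE your ENTIRE HARD DRIVE and there is no cure. "
            "FORWARD THIS to everyone you know IMMEDIATELY!")
LEGIT_MSG = ("Patch window is Tuesday at 18:00. Please save your work and "
             "reboot when prompted. Contact the help desk with questions.")

if __name__ == "__main__":
    print(hoax_signs("friend@example.net", HOAX_MSG, TRUSTED))
    print(hoax_signs("it-security@example.com", LEGIT_MSG, TRUSTED))
```

A genuine advisory can also match some of these signs, so a match is a reason to have the message reviewed, not proof that it is a hoax.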
Another way to help mitigate virus hoaxes is to develop
and implement a virus hoax handling policy and methods to increase user
awareness. At a minimum, a virus hoax
handling policy should state that emails suspected of being virus hoaxes are
to be forwarded only to a designated person.
Awareness of virus hoaxes can be raised through newsletters
or regular correspondence from the IT department (Grocott, 2001).
References
Grocott, D. (2001). Virus hoaxes - are
they just a nuisance? Retrieved March 8, 2015, from http://www.sans.org/reading-room/whitepapers/malicious/virus-hoaxes-nuisance-30
Taylor, R., Fritsch, E., Liederbach, J.,
& Holt, T. (2011). Digital crime and digital terrorism (2nd ed.).
Upper Saddle River, NJ: Prentice Hall.