[AusNOG] CryptoLocker Virus

Robert Hudson hudrob at gmail.com
Thu Oct 24 12:27:58 EST 2013


I've worked in IT for over ~20 years now - and I'm still a "youngun"
compared to some.

Bad user behaviour (doing things they've been told, ad nauseam, not to do)
was an issue on the first day I worked in the industry, and it's an issue
today.

I don't necessarily blame the users either - because the details of bad
user behaviour have changed over the years.  We all acknowledge that the
tech industry is incredibly fast moving, and that not everyone has the
aptitude for technology to work within the industry, but are then surprised
that the same people who can't keep up with technology do the wrong thing
when exposed to it.

The real solution is for the industry to find ways to protect the users
that don't involve them having to understand what they're doing, without
having a significant adverse impact on their ability to get their jobs done.

Application white-listing, as already mentioned in this thread, is a
potential solution - if you only allow the applications that you know are
needed to execute, and only when their signatures match pre-determined safe
ones, then you're removing an extremely large attack target from your
environment.  Of course, it takes time, effort and money to achieve this...


On 24 October 2013 12:20, Pinkerton, Eric (AU Sydney) <
Eric.Pinkerton at baesystemsdetica.com> wrote:

> >> Unfortunately, much of that relies on educating users, and if
> educating users was going to work, it'd have done so already. :(****
>
> ** **
>
> 2 wrongs don’t make a right.. It’s no different to telling hospital staff
> to wash their hands, it should be obvious, and you shouldn’t need to tell
> them –but it’s not and you do.****
>
> ** **
>
> You can’t just give up because it’s hard.  Test them, offer incentives,
> educate them, test them again and measure the improvement and you will be
> surprised.****
>
> ** **
>
> Perhaps good surprised, perhaps bad surprised – but surprised ;-)****
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20131024/6689c8a8/attachment.html>


More information about the AusNOG mailing list