Thursday, 18 May 2017 16:07

Malware attacks exploit human weaknesses: claim


Successful malware and ransomware attacks often involve poor processes and exploit human weaknesses, according to the regional security officer of a cyber security firm.

Sean Duca, vice-president and regional chief security officer, Asia Pacific, Palo Alto Networks, said, “Successful attacks often involve poor processes and exploit human tendencies.

“To reduce an organisation’s threat surface, the focus of regular employee training needs to shift from reaction to prevention. Companies need to put themselves ahead of emerging threats.”

Industry figures generally agree that 30% of phishing emails are opened (up from 22% the previous year) and at least half of those click through to open a poisoned attachment, website or link.

Phishing was up 250% year-on-year at the end of 2016. Cloudmark research indicated that the average cost of a successful spear phishing attack resulting in a data breach or exfiltrated data was US$1.6 million per company, and that 84% of US companies had a spear phishing attack get past their organisation’s security.

Duca says that pure compliance-driven approaches — “You must do this” — have proven to be ineffective for organisations when used for employee security training, “usually because it’s not interesting or personal enough to capture employees’ imaginations. Businesses should focus on educating employees on how to protect their personal data, therefore encouraging employees to enact further security-orientated practices in the workplace.”

Employee training may take different forms, including the increasing practice of gamifying cyber security education programmes. Gamification is the process of using gaming mechanics in a non-gaming context, leveraging what is exciting about games and applying it to other types of activities that may not be so fun. Designed with elements of competition and rewards, gamification programmes are becoming popular because they can be used in a variety of industries, he said.

Many businesses currently use gamification in areas such as customer engagement, and employee education and training to drive performance and motivation. Gaming elements include one-on-one competitions, and rewards programmes.


There are two key ways businesses can use gamification as a way of addressing cyber security in their organisation:

1. Make training more exciting and engaging for employees

Using gamification can help businesses improve their cybersecurity in numerous ways, including showing employees how to avoid cyber attacks and teaching them about vulnerabilities in software.

Global consulting firm PwC teaches cyber security through its game, Game of Threats. Executives compete against each other in real-world cyber security situations, playing as either attackers or defenders. Attackers choose the tactics, methods, and skills of attack, while defenders develop defence strategies and must choose the right technologies and talent to invest in to respond to the attack. The game gives executives an understanding of how to prepare for and react to threats, how well prepared the company is, and what their cyber security teams face each day.

Duca said, “Gamifying will help make the training process more exciting and engaging for employees, increasing employee awareness of cyber security practices, including how to deal with attacks correctly.”

2. Offer incentives and rewards to encourage desired behaviours

Human error is responsible for most security breaches, with employees feeling pressured to complete work by certain deadlines and as quickly as possible, which can result in them overlooking important company policy regarding security.

For example, running so-called PhishMe campaigns can be a great way to train employees on better email security. These include regular phishing emails sent across the organisation, testing staff’s response and action.

Duca said: “Gamification lets businesses reward those employees who follow security procedures and adhere to the correct security guidelines, which will further promote good behaviour. This may take the form of employees receiving a badge or recording points, which are then displayed on a scoreboard for the office to follow. In some organisations, after employees reach specific milestones, they are presented with material rewards such as a gift voucher.

“This system also allows for the identification of those who display poor behaviour within gamification and may result in the employee needing to complete further cyber security training. Recognising and rewarding employees when they do the correct thing leads to continued positive behaviour, motivating employees to undertake safe practices and resulting in a more cyber secure working environment.”



Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
