This is a just a short post to make available the security awareness slides that I was using at the RSA Conference in San Francisco last week. Several people asked me for copies to use in their own awareness efforts and I am more than happy to oblige. I believe these slides can be effective in changing the way people perceive the threat of malicious software.
My operating hypothesis is that the sooner everyone–from CEOs to employees, kids to grandparents–understands that malicious software–viruses, Trojans, worms, or whatever–are the work of a rogue industry, not a roguish teenager, the sooner we can convince individuals and organizations to effectively implement the necessary counter-measures.
The slides go by the name of Malware Incorporated, the fictitious-but-all-too-real criminal enterprise that embodies this new trend. The mission statement of Malware, Inc. is strikingly simple and honest: Turning your data into our dreams.
A copy of the slides can be downloaded in Acrobat .pdf format. Please note that I have broken out the screenshots of crimeware into separate slides so they are all visible (this adds a few pages to the .pdf but seems like the best way to handle build slides). Also note that I am indebted to Brian Krebs for some of the shots as well as Dr. Mark Vriesenga of BAE Systems. If you would prefer the actual PowerPoint file, I have placed the .ppt inside a 5.6 MB zipped folder.
If you find the slides useful, please let me know. In the meantime I plan to record them as a video with narration, but I promise not to use my Peter Falk accent.
Author Stephen Cobb, ESET