Do you remember that movie ? It starred Jamie Foxx. He played the role of Alvin Sanders an ex-con who is used by the police to lure a criminal out of hiding. Go watch the movie if want to know how it turns out.
Traditionally, attackers went after our servers, but there has been a shift to the client side because server-side applications have been targets for attackers since 2001, and these applications have matured. Attackers have therefore turned their attention to weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients. In short the user has now become the center of attention.And has therefore taken on the role of Alvin Sanders.Bait.
F-Secure showed samples of bait files recently showing real malware-laden Microsoft Word and Adobe PDF documents it has received. I could see how they could easily slip under the radar. The files are well done.
The lesson here is that we should not neglect our users. We should seek to educate them on the various attack vectors being used by attackers. This should be done using a language that they understand and practical examples they can relate to.
How is your user awareness program? Do you even have one?