How we win
As long there is money to be made criminals will continue to take advantage of opportunities to pick our pockets. While the battle with cybercriminals can seem daunting, it's a fight we can win. Although our adversaries have plenty of incentive to infect users, their schemes require a series of steps to be successful. We only need to break one link in their chain to stop them dead in their tracks. Simply deploying patches more quickly, eliminating unnecessary applications, and running as a non-privileged user will thwart more than 90% of these attacks.
Many attacks succeed when users let their guard down. Increasing employee awareness of the threat and providing examples can help keep your users from opening malicious attachments or clicking on links out of curiosity. Users need to understand that, while security tools enhance the security of the network, the user is the most important defense for protecting sensitive company information.
We must recognize our weak points and work together as a community to share the knowledge we need to defend ourselves. Reducing the threat surface by having fewer apps, educating your users, and restricting administrative rights can make the job so difficult for the scammers that they will look elsewhere for their victims.