Back to Basics to Fight Botnets

Employee education might be the best tool for fighting invasion of computer networks. While malware has dominated the security conversation in the past year, the growing strength of botnets- systems of thousands or even millions of personal computers networked together and controlled for cybercrime-has even the most experienced in the Internet security industry concerned. An estimated 70 percent to 90 percent of the world's spam is now due to botnets, and an estimated 11 percent of computers connected to the Internet contain botnet programs.

More abundant than ever, botnets are becoming sophisticated at quickly scanning a computer for important financial and corporate data. They often fly under the radar, because they rarely affect the performance of the computers they infect, and since they create a large network of computers, they can segregate roles-with some computers acting as "communicators" and others as "doers."

While a botnet is usually complex, the best solution may be to educate users on best practices, combined with a defense-in-depth strategy. The battle against botnets may come down to ensuring that Bob in marketing knows not to click on an enticing e-mail link, while making sure that well-established security solutions such as intrusion-prevention solutions and firewalls are used correctly.

Employees need to be made fully aware of the possible consequences of clicking on a link regardless of how legitimate it appears. Hackers have the means of finding and using personal and localized information to convince the recipient that an email was addressed to him.

Malware can even spread unintentionally through e-mails coming from friends and colleagues. Therefore, users should not only know whether to trust the person sending the e-mail, they should also have certain knowledge that the person had a clear intent to include an attachment or link. The same rules apply for the use of links and video on instant messaging, short message service and social networking sites.

Beyond tricking someone to click on a link, botnets take advantage of users' actions that go against long-established security best practices, such as turning off network-security software to increase performance. Users often will cut corners for performance gains, regardless of the vulnerability they bring to the enterprise.