This is a just a short post to make available the security awareness slides that I was using at the RSA Conference in San Francisco last week. Several people asked me for copies to use in their own awareness efforts and I am more than happy to oblige. I believe these slides can be effective in changing the way people perceive the threat of malicious software.
My operating hypothesis is that the sooner everyone--from CEOs to employees, kids to grandparents--understands that malicious software--viruses, Trojans, worms, or whatever--are the work of a rogue industry, not a roguish teenager, the sooner we can convince individuals and organizations to effectively implement the necessary counter-measures.
The slides go by the name of Malware Incorporated, the fictitious-but-all-too-real criminal enterprise that embodies this new trend. The mission statement of Malware, Inc. is strikingly simple and honest: Turning your data into our dreams.
A copy of the slides can be downloaded in Acrobat .pdf format. Please note that I have broken out the screenshots of crimeware into separate slides so they are all visible (this adds a few pages to the .pdf but seems like the best way to handle build slides). Also note that I am indebted to Brian Krebs for some of the shots as well as Dr. Mark Vriesenga of BAE Systems. If you would prefer the actual PowerPoint file, I have placed the .ppt inside a 5.6 MB zipped folder.
If you find the slides useful, please let me know. In the meantime I plan to record them as a video with narration, but I promise not to use my Peter Falk accent.