Zulfikar Ramzan, technical director of Symantec Security Response, believes enterprising criminals conducting “business” online are more likely to target stupid users than a technical flaw in any particular operating system:
This trend has been rising rapidly over the past two years. Currently, only about 3 percent of the malicious software that Symantec encounters exploits a technical vulnerability. The other 97 percent of malware is either “piggybacking on that 3 percent,” or more likely trying to trick a user through some type of “social engineering” scheme, according to Zulfikar.
It is quite obvious criminals would target user behavior rather than exploit an OS or application vulnerability. It is exponentially easier to trick users to do things you want them to do – humans are inherently trusting creatures, which may ultimately be to our detriment.
The amount of time and money required to successfully architect and deploy an attack exploiting a technical vulnerability in an operating system or application is too expensive. The return on investment would have to be exceedingly high to be considered victorious.
This is why it is imperative people pay attention to what they do online. Everyone must take the necessary precautions to safeguard their online activities. Failure to do so may result in a compromised workstation, or worse yet – a bank account siphoning cash to an online criminal enterprise.