CIOs and security experts in companies across the globe spend millions of dollars a year protecting their valuable digital assets from cyber criminals.

ITWeb Events asked John Shier, senior security advisor with Sophos from Toronto, Canada, what the oldest cyber criminal trick in the book is, and what the everyday citizen should watch out for. "While cybercriminals do try different tricks from time to time, the one having the greatest impact today is phishing. Systems and software can be patched but human fallibility cannot," he replied.

According to Shier, a solid security awareness programme should be an integral part of a successful defence-in-depth strategy. It is important that companies educate and test their end users through automated attack simulations, quality security awareness training, and actionable reporting metrics. Sophos is able to provide you with the flexibility and customisation that your organisation needs to facilitate a positive security awareness culture.

Shier says there is no way to ensure 100% security. What everyone should be striving for is to mitigate as much risk as possible and make it exceedingly difficult for cyber criminals to impact your resources. The time, effort and money it takes to attack you largely determines your suitability as a target.

John Shier, senior security advisor at Sophos.

End users are the largest, most vulnerable target in most organisations. In real-world attacks, end users are relentlessly bombarded with spear phishing and socially engineered schemes. Keeping users sharp by emulating basic and advanced phishing attacks to help them identify real-world scams before it's too late is an important element of your prevention strategy.

Can you prepare for threats that you don't even know exist yet? Shier notes that having the right people, processes and tools is integral to securing against known and unknown threats. Together they will allow you to better protect, detect and respond to any threat aimed at your organisation.

Shier is a 10-year veteran of Sophos and has been working in the security industry for over 20 years. He works in the office of the CTO doing research into all manner of threats and security issues. Shier is passionate about communicating and popularising security concepts and technologies to customers, partners, and the public at large in an entertaining, jargon-free and accessible way. He has appeared on TV, radio, and in many online and print publications.