The ploy is to send an email that looks legitimate about upgrading a software component or windows program. The hackers site then downloads the Malicious Code.
“Companies must make their employees understand their role in improving security within the organisation,” he said.
A proper security policy must also be in place and the role of each individual who manages the security policy must be clearly defined, he said.
It must also be made clear to employees that the security policy is in place for their protection and not just for the company.
And finally, companies must be prepared for the worse. There should be an incident response team should the company's security be compromised."