Talking Out Loud with ASB

Views on Life, Technology and Everything, by ASB (aka Logik!)...

Andrew S. Baker (ASB)

Yes, Security Is Still Important in 2009

Quite frankly, it’s even more important than it has been in the past.  

This morning, I was reading some articles on information security, including news about the Conficker worm. You know, we haven’t had a really good worm in 3 or 4 years, so it seems that people have forgotten about how dangerous those things can be, and how much damage they can cause in a very short period of time. So far, over 10 million (say it now, 10 meeeellion) systems have been affected. This is a sophisticated piece of malware that probably still has a few tricks up its sleeve.

Worms had fallen out of favor for a while, because it is much easier to breach systems and networks if you’re stealthy, than if you make a whole lot of noise and tear up the Internet.  A recent article published by shows that data breaches rose sharply in 2008. A part of the credit goes to the various disclosure laws that have gotten onto the books that force companies to admit that they were breached, but even accounting for that, you can see that things are not getting any better on the security front.

So, it was with great surprise that I read an article in InfoWorld where the author alleged that most companies have a good patch management process, and thus .  Now, I don’t know which companies he sampled, or what his sample size was, but I can say from a sampling of a dozen or so organizations that I have knowledge of in this area, many are lacking.   More than that, even some of the organizations that do have patch management processes in place are happy to get the “alarmist” Patch Tuesday announcements, because these are helpful in conveying urgency to business divisions that don’t see any visible evidence of problems.

You can bet that a significant percentage of those 10 million systems infected with Conficker are on corporate systems.  I’ve been in places where even with a clearly defined maintenance window for servers, there was regular pushback by the business users as it pertained to *scheduled* server downtime. Businesses need to take security alerts seriously, and to the extent that there are diligent security experts who are clearly outlining the risks and remediation options available for the harried and understaffed security teams, they should be commended, not maligned.

It will be interesting to see if we have actually learned anything over the past few years as it relates to operational security, or if we have simply been lulled into a false sense of security because of the lack of visible worm attacks.

For more information about Conficker, see the following articles and reports:

The economic downturn only makes it more important to be on top of security issues, because businesses cannot afford any type of service disruption or loss of consumer confidence. Lest anyone think that security is a Windows-only affair, Apple has just released their first patches for 2009.  48+ patches.

2009 is already shaping up to be a major year in information security, to say nothing of regulatory and industry compliance.  These two issues will be crucial to the survival of many organizations this year.

Will you be ready?

Posted: Friday, February 13, 2009 10:25 AM by Logik!

Comments

Talking Out Loud with ASB said:

The Conficker worm continues to make headlines, not only because it has been so elusive over the past

# March 30, 2009 12:34 PM

About Logik!

Andrew S. Baker aka ASB aka Logik!

Andrew S. Baker is a business-savvy, hands-on IT leader with expertise in mentoring people, mitigating risk, and integrating technology to drive innovation and maximize business results. He creates competitive advantage for organizations through effective IT leadership: implementation of processes and controls, and architecture of robust business solutions.

Mr. Baker has successfully led a number of high-performance technology teams in designing, deploying and maintaining secure, cost-effective computing environments for well-known companies, including Warner Music Group, The Princeton Review, Bear Stearns, About.com, and Lewco Securities.

For over a decade, Andrew has exhibited thought leadership on technology and business topics via mailing lists, technical forums, blogs, and professional networking groups, along with contributions to podcasts, webinars, and over 20 technical/business magazine articles. He also serves on several boards and committees for non-profit organizations, and within the Seventh-day Adventist church.

His personal interests include Astronomy, Basketball, Bible Study, Chess, Comics, Computers, Family Life Ministries, Reading, Strategy/Role Playing games, and Professional Networking...

A summary of Andrew's current résumé is available here, and he can be reached on a variety of social and professional networks, including LinkedIn, Facebook and Twitter.