- BlackBerry Storm vs. the iPhone
- 2008 IT industry graveyard
- Top 10 worst uses for Windows
- Economic crisis means double duty for IT pros
- BlackBerry Storm, RIM's first touchscreen device, rolls in
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Recently I got a panicky phone call from Henry, the security administrator of a California hospital I have done business with for years. It seems the hospital had been hit by a nasty case of the MyDoom virus that began its explosive growth during the last week of January. After attempting to calm Henry down, I asked how MyDoom got released inside the hospital, which has about 2,000 desktops, 1,000 remote machines, and the usual assortment of Windows and Linux servers.
"That's the really bad part," he harrumphed. "Our execs did it."
"Your execs? What do you mean they did it?"
"They clicked."
"No!" I was flabbergasted. "They clicked on an attachment that says, 'Virus detected, do not open'?"
"Yes."
"But what about your corporate security policy we spent so much time on, which clearly states, 'Do not click on unknown attachments'?"
"They ignored it," he sighed. "Five of them."
Five executives in his hospital had clicked on MyDoom - and brought the e-mail system to a grinding halt. I thought about this for a second and postulated, "You know, Henry, if you or some of your desktop users had done the same thing, you would all be hung out to dry, at least according to your corporate policies. I suppose, then, our security awareness program isn't doing as well as we thought?"
"No, quite the opposite, in fact!" Henry sounded more upbeat now. "Over a hundred from our general user community called the help desk and asked what to do. The staff did their part; the execs failed us."
I heard similar stories from several other large organizations and frankly was astounded. The corporate executives who demand IT perfection from their administrators want 100% availability on all services and expect everyone in their company to follow security policy - these are the people at the root of the problem.
When I heard that on Feb. 2 China reported hundreds of thousands of computers infected with MyDoom, I could understand. China has a low level of security awareness and a widespread absence of efficient anti-virus software among its 78 million online population; thus, it is especially vulnerable to worm attacks. But in the U.S., where executives authorize the spending of tens of thousands of dollars and more annually to manage effective anti-virus defenses and educate their online user base, I am sorry - there is no excuse for falling victim to MyDoom.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment