Code Red Lessons, Big and Small
IT managers and users alike who were affected by the Code Red worm have gone through the latest round of requisite security "lessons learned."IT managers and users alike who were affected by the Code Red worm have gone through the latest round of requisite security "lessons learned." Those include: Stay on top of security news, install your patches, monitor server activity and err on the side of caution. And its working. The scheduled recurrence of the worm this month was substantially less damaging than its appearance last monththe direct result of security administrators scurrying to put in the patches. Reports said the Microsoft patch was downloaded more than a million times by Aug. 1. However, those that havent patched are now suffering from the far more dangerous Code Red II worm sweeping the Internet as this editorial goes to press. But there are larger and more important lessons to be learned for corporate executives above the level of security admins. C-level officers have to be made aware that, while IT busily patched its servers, their companies are spending time and money not to improve the infrastructure but to fight a mere holding action against hackers to stave off the inevitable next worm or virus.
Meanwhile, the long-awaited economic recovery keeps getting pushed further into the future. Company executives have to learn that when basic system administration costs this much to merely stay in place, then they cant be too hopeful about the future, or about, as President Bush might say, making the pie higher.