The cost to businesses from the SQL Slammer Worm ran into the billions of dollars, according to many analyst estimates. The 376-byte packet of code slowed network traffic to a crawl in January by forcing unpatched installations of Microsoft SQL Server 2000 to spew replicas of the worm over the Internet.
But even though malicious code is a constant threat, companies should not panic, says David Lawson of Greenwich Technology Partners in New York. Instead, they should define and establish reasonable levels of protection.
"An important first step is to evaluate risk accurately," he says, "rather than responding willy-nilly to the threat du jour."
Although benchmark costs taken from industry peers can be useful, nothing compares with having a record of ones own. "Its difficult to make a good budget or spending decision without actual facts," Lawson says.
To read the full story and download the calculators, go to Baseline