If you ask most people to free-associate from the trigger term "September 2001," likely responses might be "World Trade Center" or "terrorists." Only people at the epicenter of an enterprise IT operation are likely to recall, without being reminded, that the week after 9/11 was marked by the worldwide attack of the Nimda worm—which many now regard as an inflection point in the sophistication and, consequently, the speed and severity of attacks against e-business.
The University of Calgary, in Alberta, Canada, has since compiled estimates of Nimda's impact that include 2.2 million infected machines within 24 hours and a cleanup cost of $539 million.
That's more than the individual gross domestic products of 15 of the member countries of the International Monetary Fund, not to mention being enough to take every worker in the United States out to Starbucks.
The IT industry has had five years to recognize the significance of such numbers and to make the best practices of enterprise security the norm rather than the exception. But that recognition has remained largely nominal, and the response superficial.
Two years after Nimda, for example, the Slammer worm successfully inflicted a billion dollars' worth of nuisance and cleanup. Slammer doubled its number of victims every 8.5 minutes, affecting 90 percent of vulnerable targets worldwide within its first 10 minutes in the wild.
Even two years later, the Sober worm in 2005 may have accounted at times for as much as 70 percent of worldwide e-mail volume—succeeding by taking advantage of laxity in risk assessment and prevention; underinvestment in detection and response; and, all in all, a general lack of vigilance.
By no coincidence, those five elements of security—risk assessment, problem prevention, attack detection, incident response and creation of a climate of vigilance—were the five sections of a major eWEEK Labs series of articles, titled "Five steps to enterprise security," that was launched in November 2001. Taking no pleasure whatsoever in the continuing relevance of recommendations made five years ago, Labs staff revisit that report in the following pages—with the aim of reiterating what's still critical and also raising consciousness in areas of concern that have emerged or intensified since then.
We hope this update finds a climate of improved awareness and expanded resources for addressing security issues, so that the end of 2011 will find us less tempted to issue a 10th anniversary update to this manifesto for enterprise infrastructure protection.