Conficker/Downadup – Securing The Internet
I have to say one thing for the rash of Conficker/Downadup infected systems that are plaguing businesses around the world: This malware is helping the overall security of the Internet.
Once we are past this round of malware it will definitely be harder to propagate a mass infection. Scoff if you will, but I am serious. I admit that this worm is building a very large network of infected systems. But the businesses that are addressing this malware attack are discovering the weaknesses within their infrastructures and response techniques. The downtime associated with locked accounts, offline servers, services disrupted by network traffic saturation, poorly implemented or broken patch management, broken backup procedures (BTW, are your backups infected?), etc. is helping the information technology staff justify their recommendations to fix these issues. Whether the recommendations were already in place or are now forthcoming is really irrelevant. The fact is that once businesses start adding up the costs associated with the response to this malware, executives should start taking notice of the potential return on investment (gasp, Security ROI – oops, please don’t start THAT conversation AGAIN) of their network security and management technologies.
I am certainly not saying that after this malware tumbles off into the distance there will not be another mass infection. What I am saying is that because of the Conficker/Downadup malware, many organizations are going to be better prepared to avoid, limit, and eradicate the next one and return to business as usual. This will, in turn, reduce the number of infected systems and the speed at which new malware propagates across the Internet. I wish I could also say that this will help other non-business computers such as those owned by schools, non-profit organizations, home users, and [add your own choice here], but that is, unfortunately, just not the case.
One thing I can recommend is that IT staff and management take advantage of this situation and make their recommendations quickly, with an emphasis on prioritization. Recent disasters have shown how short-lived the memories that drive the purchase and implementation of business continuity and disaster recovery protections can be. The key is determining which technologies will give you the most bang for your buck while also increasing your infrastructure’s preparedness, with an emphasis on reducing the gap between an incident and the organization’s initial response. Organize the rest of your list with these issues in mind. Hopefully, you will get the number one priority on your list. But if your list is not prioritized you may be stuck with a box of stuff that will leave you scratching your head and wondering how it is going to help future incident responses and general business requirements.
Go forth and do good things,
Don C. Weber
Help support my training and travel to security conferences. Get your SANS Training and GIAC Certifications through the Security Ripcord.
January 22nd, 2009 at 5:39 am
[...] Posted on 22 January 2009 Tags: Anti-virus, conficker, don c weber, include-data, links, past, security, suggested-reading, virus, worm don weber posted an intriguing thought about the massive conficker worm actually mak&…… [...]
January 23rd, 2009 at 12:06 pm
Did Downadup/Conficker attack your network? I’ve created a batch file for system administrators to clean/patch/cure infected systems in their networks.
Check it out here:
http://extremesecurity.blogspot.com/2009/01/beat-downadupconficker-like-pro-my.html
January 24th, 2009 at 6:57 am
[...] Conficker/Downadup – Securing The Internet [...]
July 19th, 2009 at 3:26 pm
Actually, Nmap has a feature to detect Conficker-infected PCs.