Viruses don't do Christmas
Most companies' Internet security protection has a potentially
fatal flaw: it relies on the long-suffering IT staff to run
updates and install patches. Your staff may be good, they may be
hard-working beyond compare, but they're people and they do need
a day off now and then.
Whatever you may think of virus writers, some of them are very
good at picking up on opportunities. They've realised when
companies are most vulnerable, and exploited this by carefully
timing the release of new viruses and other threats at weekends,
overnight, or on public holidays.
For example, the Bagle virus was first spotted in early 2004 on
Sunday January 18th, and then rapidly spread globally. Being
released at a weekend caught out many companies, and anti-virus
vendors scrambled to get updates available on the Monday. The
virus's release appeared to be timed to coincide with two public
holidays: Martin Luther King Day in the USA (Monday 19th), and
Chinese New Year.
While IT staff may not be at work outside office hours, it is
common practice for company employees to leave their PCs running
continuously so that mail is automatically downloaded. Home
users will also have their PCs on, so there are plenty of
computers on the Internet to spread the virus while nobody's on
duty. So your
network is vulnerable before the IT staff has realised there is
a problem and can try and catch up. By then, it may be too late.
From our installed base of security appliances, we can track
when viruses are reaching our customers. During the week we see
an average of around three or four hundred viruses per
appliance, and while this does drop to perhaps two hundred per
appliance at the weekend, the volume is still significant. There
are viruses knocking at the door of your network 365 days a
year, Christmas or not.
What can the poor overworked IT manager do to deal with this
problem? Realistically, only the biggest companies are able to
provide 24x7 IT cover to update virus protection, and even then
holidays, staff illness and unforeseen demands can make it
difficult to be on top of security at all times. For SMEs, IT
cover is inevitably some way short of 24x7.
One option is to outsource security, but many companies prefer
not to choose this option. When we surveyed UK IT managers
earlier in 2004, we found that nearly 70% said that managing
security was complex and time consuming, but only 40% of
respondents would consider outsourcing it.
If you're handling security yourself, ensure you pick products
and vendors that handle as many of the maintenance chores as
possible automatically, without user intervention. Scheduled
updates are essential, and some vendors can push the latest
anti-virus signatures out to their customers' appliances and
software, to ensure their protection is as up-to-date as
possible. And, it goes without saying, you should pick a vendor
that has a global presence and can provide 24x7 updates.
Finally, there's no substitute for well-educated users. Security
threats increasingly rely on social engineering and na