It seems that ever since I wrote my paper The Malware Threat Businesses are Ignoring and How Damballa Failsafe Fits In, I’m seeing more and more vendors jump on the bandwagon. Today’s malware impacts everything from the network infrastructure to the endpoint, and everyone wants a piece of the pie. I know the market is growing, so I can’t blame people for wanting to capitalize on the opportunity.
Vendors aside, what is it that you as an IT professional need to be doing about the threat outside your network and the vulnerabilities inside your network? Being an independent information security consultant and seeing things from an outsider’s perspective, it’s clear to me that most IT shops are, in a grand way, woefully unprepared to fight this threat…much less respond in a mature and professional fashion when a breach and subsequent outbreak occurs.
As I write this post, I’m listening to a song on satellite radio with a chorus that says “If we don’t do it, nobody else will.” Wow, that hits the nail on the head – in a spooky kind of way. If you don’t address the advanced malware threat today, nobody else is going to. Executives on mahogany row won’t. Nor will HR. Software developers are doing their own thing. Even your compliance officer and legal counsel aren’t going to understand the real impact of advanced malware.
You, the IT/information security professional, are going to have to step up and make the case that your business can be – and quite likely is – a target. This means taking the proper steps to:
1. determine your risks
2. get management on board
3. document reasonable policies and an incident response plan
…and, most importantly (and often the missing link):
4. enforce them with the right technologies
Don’t give the bad guys a chance. Do something now. Nobody else will.