Thursday, April 23, 2009

CIO Jury: Should you still be scared of malware?

While the recent Conficker worm may have turned out to be a damp squib, enterprises are still very much on their guard against malware.

Asked whether viruses are still a genuine threat to corporate IT security, 11 out of the 12 members of silicon.com's CIO Jury said they are.

With viruses seemingly not bringing down networks worldwide as they once did, some businesses could risk becoming complacent around their strategy - a danger Mike Cope, IT director at Virgin Atlantic, warned against.

"Complacency could lead to sloppy practices and a heightened risk that is not recognized until it is too late and an attack happens," he said.

It's a sentiment echoed by Steve Gediking, head of IT and facilities at the Independent Police Complaints Commission: "The danger will be if we let our guard down," he said.

For Neil Harvey, IT director at Sindlesham Court, while viruses are as much on the agenda as ever, they are easier to guard against.

They are "much more manageable than they used to be, simply because of increased awareness both of the issues and risks, and of what action to take when an infection occurs to minimize the impact", he said.

A number of organizations in recent months have been finding out about those actions: the UK Parliament, Barts and the London NHS Trust, five Sheffield hospitals and the Ministry of Defense have all been hit by viruses of late.

For many of silicon.com's CIO Jury, keeping an eye on viruses is just one part of a wider security strategy.

According to Richard Steel, CIO, London Borough of Newham, organizations are increasingly opening themselves up to new vectors of attack.

"[Viruses] remain a threat. All corporations now utilise advanced defenses against malicious software but we must remain on our toes as networks are increasingly opened-up to social computing and unified communications," he said.

Nicholas Bellenberg, IT director, Hachette Filipacchi, added: "They are part of a much wider pattern of risks and threats. You cannot ignore them, but you cannot obsess over one particular aspect of security and risk missing the bigger picture."

This CIO Jury was:

* Alan Balharrie, head of business IT, Scottish Parliament
* Alistair Behenna, CIO, Harvey Nash
* Nicholas Bellenberg, IT director, Hachette Filipacchi (UK)
* Mike Cope, IT director, Virgin Atlantic
* Pete Crowe, IT director, Fat Face
* Kevin Fitzpatrick, CIO Northern Europe, Sodexo
* Steve Gediking, head of IT and facilities, the Independent Police Complaints Commission
* Madhushan Gokool, IT manager, Storm Model Management
* Neil Harvey, IT director, Sindlesham Court
* John Keeling, director of computer services, John Lewis
* Jane Kimberlin, IT director, Domino's Pizza
* Richard Steel, CIO, London Borough of Newham

  • CIO Jury: No cloud in our future
  • CIO Jury: Businesses need netbooks
  • CIOs vote on Vista for ‘09
  • No comments: