All IT departments should be consciously aware of how their environments are being exploited. They shouldn't care about malware family names, country of origination, or the users involved. But they should know the top 10 threats and the plan to address them. Everyone should know how the environment is most often exploited and work cohesively as a team to fight the biggest risks first.
Consider the Conficker worm: It had multiple means of attacking computers. Early on, most observers thought Conficker's biggest threat was against unpatched systems. But in the field, I saw many of my clients affected by the worm, though their systems were appropriately patched. I determined this probably meant Conficker was successfully propagating via infected USB keys, a conclusion that Microsoft (my full-time employer) reached as well.
In response, Microsoft issued a security patch that disabled the autorun functionality, which led to millions of fewer instances of malware infections from Conficker and other autorunning malware. Some antivirus software vendors have questioned just how successful the fix was, but regardless of the specific numbers (estimates of the decrease range from 15 to 75 percent), one strategic decision led to a significant dip in malware risk.
Identifying and responding to multivector threats means being aware of them early on. Is your IT security infrastructure strategically designed to perform root-cause analysis and generate the data needed to fine-tune your response? Or does it rely upon a few humans noticing a trend and hoping their personal speculations will filter up to decision makers who might notice the significance and respond accordingly?
Instead of hoping, design into your system a proactive early-warning telemetry. When the next major malware or hacking trend occurs, such as a boot virus, macro virus, email scripting worm, fake AV program, autorun malware, or more, be better prepared to notice and, better yet, respond more quickly.
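The kind of root-cause telemetry described above, as an added illustration that is not the author's or InfoWorld's code: each incident record carries the vector a responder established, so the data can rank the top vectors, show how many hits landed on fully patched hosts (the Conficker-via-USB signal), and flag a vector whose count jumps week over week. The incident records and vector names are constructed.

```python
from collections import Counter

# Constructed sample incident records, not real telemetry. Each tuple is one
# malware detection: (week, host, fully_patched, root_cause_vector).
SAMPLE_INCIDENTS = [
    (1, "ws-001", False, "unpatched-smb"),
    (1, "ws-002", False, "unpatched-smb"),
    (1, "ws-003", True, "email-attachment"),
    (1, "ws-004", True, "autorun-usb"),
    (2, "ws-005", True, "autorun-usb"),
    (2, "ws-006", True, "autorun-usb"),
    (2, "ws-007", True, "autorun-usb"),
    (2, "ws-008", False, "unpatched-smb"),
    (2, "ws-009", True, "fake-av"),
]


def top_vectors(incidents, n=10):
    """Rank root-cause vectors by count: the 'top threats' list the article
    says every IT department should know."""
    return Counter(vector for _, _, _, vector in incidents).most_common(n)


def patched_host_share(incidents, vector):
    """Fraction of a vector's infections that hit fully patched hosts. A high
    share means patching alone is not closing this particular hole."""
    hits = [patched for _, _, patched, v in incidents if v == vector]
    return sum(hits) / len(hits) if hits else 0.0


def early_warnings(incidents, prev_week, cur_week, ratio=2.0, min_count=3):
    """Flag vectors whose count at least doubled week over week. The minimum
    count keeps a single one-off detection from raising an alert."""
    prev = Counter(v for w, _, _, v in incidents if w == prev_week)
    cur = Counter(v for w, _, _, v in incidents if w == cur_week)
    return sorted(v for v, c in cur.items()
                  if c >= min_count and c >= ratio * max(prev.get(v, 0), 1))


if __name__ == "__main__":
    for vector, count in top_vectors(SAMPLE_INCIDENTS):
        share = patched_host_share(SAMPLE_INCIDENTS, vector)
        print(f"{vector:18} {count:3}  patched-host share {share:.0%}")
    print("early warnings, week 2:", early_warnings(SAMPLE_INCIDENTS, 1, 2))
```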
We don't do a good job at that in IT security. Imagine if a warring military unit noticed where it was taking on the most casualties and didn't respond to close the hole. That unit would lose the battle. That's exactly what we're doing over and over -- it's time to fight a better war.
This story, "The Morto worm threat: Use it to improve your security," was originally published at InfoWorld.com. Read more of Roger Grimes's Security Adviser blog at InfoWorld.com.