I was part of a meeting today where 20 people or so were working together on reviewing measures to avoid problems created by the conficker virus.
I was taken aback by the amount of resources that big organizations have to dedicate to something like this. I understand that news circulating about this virus magnify the issue and management gets alarmed about it.
The reason number one why we are dealing with this problem is that Microsoft’s Operative system had a vulnerability, they released a patch in October 15, 2008 and still today many computers have not been updated (find instructions on what to do next here).
I understand this happening to mom and pop, where there is no support or any technical help, and in many cases the computer is just a device to be used to see the kids’ pictures.
I find it unacceptable that this situation happens in mid size and big organizations, where there is a clear understanding of how IT helps the business and we all know the importance of keeping our computers up to date.
If you are the IT lead for your organization, how can you make sure the technology is being maintained correctly? What processes and procedures have you put in place to avoid this type of events?
I understand that a virus causes disruption when nobody knows about the vulnerability and the hackers and virus developers exploit it. But almost 6 months after the fix has been released? And it affecting big organizations?
If that is the case, we in IT are responsible for this big failure. I don’t think we can justify it in any way. Good thing this is happening in April 1st, so we all can look like fools if we are actually impacted by this.
What are you doing to make sure something like this does not affect you and your organization?