Spam and the bandwidth it wastes is the most pressing problem IT managers face.
Not only does it slow down production and clog the network, but according to Paul Ducklin, head of technology for Sophos PLC, the real case for clamping down on spam is the huge amount of useless traffic it creates in unwanted replies, which doubles the flow on a network.
“I am concerned about the amount of e-mail bandwidth that an organization wastes,” Ducklin said, speaking at the IT Security Summit in Sydney last week.
“Think about the number of automatic unwanted replies to already unwanted e-mails — the bandwidth waste is huge in an organization.”
Vicki Coleman, CIO of Sydney Water said the nature of spam causes huge issues for users of their network, but a more pressing issue is the new ‘socially engineered’ virus scripting and presentation that takes advantage of a limited amount of understanding into how a virus works.
Coleman said the most important issue into ensuring users know what to look out for is just as important as an up-to-date antivirus engine, citing an example of where user education, combined with a little naivety nearly crippled their network.
“A lady at our organization received an e-mail which warned her about a virus circulating the Internet and suggested she must distribute the mail to everyone on the network,” Coleman said.
“Now this lady, who does not have autonomous access to group e-mails, then worked out the entire group e-mail structure with the organization and then proceeded to send a virus to everyone in the organization.
“The e-mail which contained the virus stated she must distribute the warning to everyone and she did it, but it was well-intentioned.”
Ducklin suggested as a way of preparing for not only a worst case scenario, but also to ensure you know what to do when a serious viral outbreak hits, is to develop regular strategies and drill them, not only slow an outbreak down but to prepared for the inevitable.
“If your organization has emergency measures in place for a virus outbreak or dealing with any issues then simply practice them,” Ducklin said. “It is really important, both in the IT department and in the organization, that everyone gets an idea of the procedures, and what you are going to do before an issue happens.”
Kim Valois, global security manager for the Computer Sciences Corporation said the best way to ensure both an IT team and an organization is prepared for the worst is to play war games with a clear objective: to find out how your team would cope in a crisis.
“You need an effective incident response and the whole aim of conducting war games is to be smarter and effectively use the network as a tactical tool to ensure against network threats.
