Big Bad World

Actually, when it comes to computer security, it's a small--and threatening--world. A global reach calls for global security measures.
In addition to protecting against enemy threats, just keeping track of the large number of people entering and exiting military facilities poses a challenge. One base in the Midwest has 400,000 personnel coming and going each day, Boggess notes. "When you're dealing with numbers like 4.4 million active duty and reservists, knowing who they are and where they are when they log on to systems is a huge step forward," he says.

Deploying up-to-date security in the military, where orders are usually followed, may be easier than in the private sector. Users often become complacent when they read about serious worms and viruses and then see little disruption to their companies' IT systems. A security analyst at a major software maker, who asked not to be identified, saw a lot of resistance in the past month. "Some of our business units didn't want to patch. Some pushed back, saying it would postpone other priorities. Some just ignored our call to patch," he says. "Those units were the first to look like the Fourth of July when the worm got into our networks."

The Upshot

Computers throughout the world face the same security threats, thanks to the Internet and global supply chains.

Worms, viruses, and Trojan horses hit only 45% of companies worldwide in the past 12 months, down from 66% two years ago. A greater percentage of companies in South America and Asia-Pacific suffered from these attacks compared with those in Europe and North America.

More companies in South America and Asia-Pacific plan to boost security spending this year than those in other regions.

Improving operating-system and application security is a top priority for companies in all regions of the world.

More automated patching tools could help managers overcome that resistance. "We're looking at ways to push the patch out," says the software-company security analyst. "Next time, we'll have the resources to deploy the patch and the corporate policies to make sure each unit does its part to protect our systems."

Making sure employees understand that security is everyone's responsibility is key, and there's much work that still needs to be done to accomplish that. Yes, deploying sound security technologies is necessary to secure global IT systems. But just as important is enforcing companywide security policies and raising the security awareness of all employees, Prudential's Tyminski says.

A virus, worm, hacker, or insider-gone-bad can strike at any time, and computer users need to understand that every connected computer--and the person using it--is on the front line of the battle. Raising security awareness at Prudential is one of Tyminski's most-important accomplishments during his three years on the job, he says. "When I used to ask who was responsible for security at Prudential, everyone used to say me," he says. "Now when I ask, most everyone raises their hands, because they now know they each play their own important roles."

-- with Steven Marlin

Illustration by Gerard Dubois

chart: Ensuring Safety

Continue to sidebar: Global Watch: Attacks Come From Just About Anywhere

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Terry White, Associate Chief Analyst, Omdia
John Abel, Technical Director, Google Cloud
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer