If you were like me, you checked all of your desktops, laptops, tablets, smartphones, home computers and so on for the DNS Virus Check. Somewhere in this picture- is there a lesson to be learned?
But before I write, the disclaimer- the opinions expressed on this blog are mine and do not represent those of my employer.
I have made a somewhat bold comment before that we are all likely breached in some way, we simply do not know and often do not have the right tools to explore the details to validate. It is one of those unproveable types of scenarios.
The DNS Virus last week, might have been a part of a string to follow. Let's assume that you checked (at least it is likely that someone in your family or organization checked). The question is - why ?
One of the arguments that the BYO and mobility advocates remind IT is a point of view constantly suggesting to us is that we (IT) are constantly over reacting to security issues.
The Virus check is simply one of a series of on going threats that IT needs to deal with. At the same time one of the premier services provider announced in the same timeframe that 450,000 (that is 450,000) might be impacted by a breach.
In previous months the credit card industry was plagued by breaches as well.
The empirical evidence to support the premise that the security and breaches inside an enterprise still requires significant due diligence and IT investment seems to be clear and compelling. Bringing in consumer devices without stringent security counter measures is a risk laden proposition.
Many of my friends and colleagues argue that when they did the DNS virus check, it was a non-event. That in my opinion misses the point- they looked. They were not 100% certain that there was or is an issue.
Depending upon what industry your business is in, one of our primary missions in IT is to protect the consumers, employees, and brand as well as our intellectual capital. The circumstances over the last two weeks would seem to be a reminder of how serious the issues we face truly are, and that we must continue to invest in security counter measures.
And yet, there will still be those who sincerely believe that security and risk is over stated and an over reaction to the consumerization of IT. Risk is not real until it happens to you, as one of my findings discovered.
For me, this was close enough as a reminder to continuously improve my counter measures. What are your thoughts ?