Love Bug prompts security shake-up

Cost of lax security hits home as virus takes a heavy toll worldwide

Cost of lax security hits home as virus takes a heavy toll worldwide

David Bicknell

IT directors are to use the devastating effect on businesses worldwide of the "I love you" virus to demand a shake-up - and more resources - over how security is tackled.

The virus, which spread worldwide in a matter of hours last Thursday, left IT helpdesks, security teams - and sometimes whole departments - fighting an uphill battle to regain control of corporate systems.

Hamstrung by uncontactable anti-virus software suppliers and the volume of messages, many users had regained some e-mail operations by the end of the day, though end-users were continuing to receive "I love you" messages this week.

Now, as companies count the cost, IT directors are drawing up radical plans to prevent a repeat.

Already one IT director at a multinational company has called for the creation of a global security team, which would be set up specifically to ensure that problems such as viruses are not spread throughout a multinational company's operations. "In a 25,000-person company, surely we can afford a group of, say, three people, as a 'security council', who would be there to prevent company operations being paralysed."

Peter Sommer, a security expert, advised companies to go further. "Security specialists should be present at all critical business discussions to give their input on potential risks and threats.

In a bid to prevent further problems the spotlight has also fallen on:

  • anti-virus software suppliers;

  • corporate e-mail policies; and

  • integration of Microsoft products.

    Anti-virus companies are expected to face questions from frustrated IT directors who were unable to get through to them by phone, e-mail, or via Web sites because of the scale of calls.

    The ability of the virus to infect most staff's systems may lead to a more rigorous approach by IT departments and corporate management to deciding how users should be "connected" within organisations, and the extent of their IT privileges.

    Meanwhile Microsoft, whose tight integration of its products with Outlook helped propagate the virus, has said it will take measures to try and prevent e-mail chaos.

  • Read more on Antivirus, firewall and IDS products