The problem is "they" is every single employee, not the IT security staff.
The weakest link in the chain is where it breaks.
To ensure "they" learn means training, retraining and running constant awareness programs for all staff who have even the slightest connection to the internet. Even then, USB sticks carrying stuff around are a danger.
It's a huge challenge for even a medium-sized company.
No, it means patching against a weakness that MS were so concerned about that they released patches for XP and 2k3.
There are really no excuses for getting caught out by this again.
There are many, many excuses, some more valid than others, however.
This is a hugely interesting subject, bringing together elements of risk management, IT security management, user training and operational/customer service delivery.
It isn't as simple as just applying a patch. A patch can do as much damage as a virus (from certain perspectives) if applied without proper testing.
What makes this exciting is finding the balance. In many ways I agree, a greater risk has to be taken, but with that will come outages and losses from that lack of testing.
What's really interesting is that this looks like it was started by someone hacking the updating of a bit of software, so is it even more important to test updates first now?
Real catch-22 here: update quickly and risk being infected vs. test updates to ensure they don't cause an issue.