Big Bad WorldBig Bad World

In addition to protecting against enemy threats, just keeping track of the large number of people entering and exiting military facilities poses a challenge. One base in the Midwest has 400,000 personnel coming and going each day, Boggess notes. "When you're dealing with numbers like 4.4 million active duty and reservists, knowing who they are and where they are when they log on to systems is a huge step forward," he says.

Deploying up-to-date security in the military, where orders are usually followed, may be easier than in the private sector. Users often become complacent when they read about serious worms and viruses and then see little disruption to their companies' IT systems. A security analyst at a major software maker, who asked not to be identified, saw a lot of resistance in the past month. "Some of our business units didn't want to patch. Some pushed back, saying it would postpone other priorities. Some just ignored our call to patch," he says. "Those units were the first to look like the Fourth of July when the worm got into our networks."

More automated patching tools could help managers overcome that resistance. "We're looking at ways to push the patch out," says the software-company security analyst. "Next time, we'll have the resources to deploy the patch and the corporate policies to make sure each unit does its part to protect our systems."

Making sure employees understand that security is everyone's responsibility is key, and there's much work that still needs to be done to accomplish that. Yes, deploying sound security technologies is necessary to secure global IT systems. But just as important is enforcing companywide security policies and raising the security awareness of all employees, Prudential's Tyminski says.

A virus, worm, hacker, or insider-gone-bad can strike at any time, and computer users need to understand that every connected computer--and the person using it--is on the front line of the battle. Raising security awareness at Prudential is one of Tyminski's most-important accomplishments during his three years on the job, he says. "When I used to ask who was responsible for security at Prudential, everyone used to say me," he says. "Now when I ask, most everyone raises their hands, because they now know they each play their own important roles."

-- with Steven Marlin

Illustration by Gerard Dubois

chart: Ensuring Safety

Continue to sidebar: Global Watch: Attacks Come From Just About Anywhere