Klez: The bad smell hanging round IT departments

Today silicon.com revealed that Klez is still the most prolific virus in the wild - after a staggering 14 months in the top 10.

Giving voice to the feelings of any right-minded security expert, Graham Cluley of Sophos said: "Klez continues to hang around like a bad smell - those hit by it couldn't have updated their anti-virus protection in more than a year. Now that it's possible to receive fully automated updates, there's really no excuse."

But why is this? Earlier this year the slammer worm also took advantage of lethargy in the workplace to attack systems which should have been patched months ago. It's all well and good adopting the 'wait until something goes wrong... and then blame Microsoft' approach, but it is clear those responsible for their network's security need to start being more proactive.

Are these people too busy reading other people's email to update their systems? Are they just clueless about what they should be doing? Or maybe they are poorly trained or overworked and understaffed. Earlier this week we highlighted the 'after the horse has bolted' approach to system security. But are companies really waiting for a worst case scenario attack before they are spurred into action? If so, they probably deserve what they get.

Whatever the reason for such inaction, it is clearly widespread enough to ensure Klez continues to self-propagate in sufficient numbers to keep it at the top of the virus charts.

This is just the most obvious sign of a worrying trend within IT departments and companies in general. Too many still seem unable to get their heads around the abstract concept of computer security. Despite the highly publicised effects of viruses such as Melissa and the Love Bug, too many organisations appear to think of them as other people's problem.

So why should you invest time and money protecting your company against a theoretical event?'

Downtime, lost man-hours, huge recovery costs and unnecessary, avoidable headaches. That's why.