IT security misunderstanding leads to million dollar mistake

By VAR_Staffing
In Channel
July 11, 2013

VAR_Staffing / VAR Staffing

It can be staggering how miscommunication and a misunderstanding of an IT security problem could cause a company to commit a massive mistake. Every business needs to be worried about protecting its hardware, software and data, but an overreaction can be even more costly.

Take the plight of the U.S. Department of Commerce's Economic Development Administration (EDA), which was profiled in a recent ComputerWorld article. The problem started with a suspected malware attack that led the agency to erroneously destroy $170,000 worth of equipment, with an additional $3 million in hardware set to be disposed of before funding ran out.

In December 2011, the Department of Homeland Security issued a notification to the EDA that 146 of its systems were potentially infected, however, only two actually were. The agency ran its own diagnostic procedures the next day, found the issue and sent an email. Unfortunately, it was poorly worded, vague and failed to say that the original report from the DHS was inaccurate, so executives assumed this verified that warning.

Now, with a gross overestimation to the scope of the problem and no follow-up from the Commerce Department, the belief of a system-wide attack spread, and was too rampant for a simple reimagining of the systems. It caused IT Principals to panic.

"In the end, nothing identified on EDA's components posed a significant risk to EDA's operations," the Inspector General's report of the incident said. "Despite only finding common malware infections, EDA's management and CIO remained convinced that there could be extremely persistent malware somewhere in EDA's IT systems."

The EDA spent $2.7 million—half of its 2012 IT budget—responding to the mistake. On top of that, $26 million over the next three years will be needed to fund the recovery effort.

IT security is a critically important facet of any business, but having a proper solution is vital. A VAR or MSP that specializes in technology and network security can become a valuable resource and those solution providers that have partnered with VAR Staffing can offer the impactful talent a strong system requires.

Read More