Four years ago, Lexmark International Inc. was hit with a stubborn computer virus that tied up some members of its cybersecurity team for months. The Kwampirs malware had “run rampant,” said Bryan Willett, Lexmark’s chief information security officer. “We struggled with getting visibility into it, controlling it and getting patches in place” across a network serving more than 8,500 users.
The incident, which even attracted the attention of the FBI at one point, “opened our eyes,” Willett recalled. Like many organizations, Lexmark had people working in offices, out of their homes and at coffee shops around the world. New devices were constantly being added to the network, sometimes without the knowledge of the information technology organization.
Clamping down on employees wasn’t an option, since competition for skills and the pace of a global business demanded a malleable IT infrastructure that adapted to the way people wanted to use it.