SABMiller: Conficker virus cost us £7.2 million

But selling 'poison' would have been far more costly, CISO argued By Anh Nguyen | Computerworld UK | Published 18:30, 21 September 11 SABMiller, the brewer of brands including Peroni, Foster’s and Coors Light, has revealed how the Conficker virus caused it to lose £7.2 million production. SABMiller’s Chief Information Security Officer (CISO) Mark Brown made the revelation to illustrate how CISOs can demonstrate their value to the business beyond providing technical security. The Conficker worm was one of the most severe computer security problems in recent years. It took advantage of a vulnerability in Microsoft's software, infecting at least three million PCs, forming a massive botnet. “Last April, I had to close down the Romanian operation for four hours because of the Conficker virus. It cost us £7.2 million [the revenue target lost, based on how much the breweries would have produced for sale during that time],” Brown told the Gartner Security and Risk Management Summit in London. Within minutes of shutting down the affected operations, Brown received a call from his board asking him what he was doing. He said they accepted his decision when he was able to tell them not only how much the stoppage would cost the business, but also by arguing that the effect on the company’s market capitalisation would be far worse if SABMiller had manufactured and sold poisoned stock. Brown was able to make these arguments because he understood the business – in terms of brand, reputation, revenues and profit, not just technology. “We have to understand what the organisation is. Anything I do has to enable the production of beer – that’s what SABMiller does. “The business exists to make profit, [so the IT security strategy] has to be business-aligned and business focused,” he said. Keeping the company secure is not a strategy, said Brown. As well as supporting the organisation, Brown believes that it is an opportunity for CISOs to raise their own profile. “So they know who you are, so they will ask you the right questions,” he said. Brown advised CISOs to ensure that their strategy document is agile and constantly evolving to adapt to the changing threat landscape, and to assess how the threats might affect the business: “[I would ask myself] ‘how will it impact SABMiller, and when?’ The only way you can know this is by truly understanding the business.” These strategy plans should be long-term, as well as short-term, he added. “You have to put together a three to five-year budget business plan. When I did this, I got a 1,200% increase in budget [at a time when people are having budgets cut] because I could be seen to be demonstrating value to the business and protecting the business, and not just worrying about IT,” said Brown. Separately, SABMiller today announced its plans to acquire Australian brewer Foster's for around A$9.9 billion (£6.47 billion).