As all of these things continued to happen, I didn't miss an opportunity to point out that all that follow-up and remediation would be unnecessary if advanced firewalls were placed inline and allowed to block the sorts of things that cause PCs to become infected -- and IT administrators could be doing more valuable things.
Or they could keep doing follow-ups that ate up their time. Since I had decided that being annoying would be an effective tactic, I insisted that an IT administrator had to look into every instance of a server initiating a connection to a file storage site. Doing that is the only way we can determine whether the connection was made by a human being or a piece of malware. And then I would add, annoyingly, "If the firewall were inline, suspicious traffic could be blocked, and eventually admins wouldn't use production servers to check their webmail."
Another thing that IT regularly does is send emails to HR whenever an employee surfs porn sites. And so I explained that we could create a policy that would both block access to these types of sites and present the naughty Web surfer with an interrupter page letting the user know that such activity is inappropriate. Having one of those pop up on your monitor is embarrassing enough to prompt permanent behavior change while in the office.
In the end, my persistence and annoying behavior won the day. The IT department got tired of me having them stop everything they were doing to investigate. They agreed to order another next-generation firewall, for a highly available pair, and replace the legacy devices. Putting my obnoxious behavior aside, I agreed to dip into my budget and pay for training for the IT administrators who will be responsible for firewall administration.