Times are tough for information security managers. Not only do they have to contend with increasingly sophisticated threats to corporate networks and data, but in many cases they must do so with shrinking staffs and budgets. And in a down economy security attacks don’t go away. In fact, research shows they tend to increase.
But IT security managers can take steps to cope with the challenges. These include deploying technologies that automate security processes, stepping up the effort to educate users about the importance of security and even asking vendors for discounts on products and services.
Managers might need all the help they can get, because difficult economic times often lead to increased security attacks, experts say.
“Risk increases with an increase in individuals in desperate financial situations,” says Ken Dunham, director of global response at iSight Partners, a Dallas-based provider of threat intelligence services. “Desperate people do desperate things, which increases the likelihood of an insider attack.”
A depressed global economy along with the rapid adoption of technology such as mobile devices and applications introduces a multitude of new threats. Security and risk management will be compounded this year, with many organizations experiencing a decrease in staff, training and budgets to mitigate risk, Dunham says.
A report released by iSight in January notes that the dramatic economic decline in the U.S. and worldwide will significantly increase the risk businesses face for a number of reasons. For one thing, the number of disgruntled employees will increase as organizations face budget cuts and layoffs. For another, many people are experiencing personal financial woes, leading some to consider insider crime as a way to mitigate losses.
As a result, Dunham says, organizations need to be diligent in shutting off access to information and systems for employees who have been laid off, to prevent potential data loss and other risks related to disgruntled employees.
Dunham says there is no easy answer in how to deal with limited security resources. It often comes down to a prioritization of risk mitigation and accepted risk in tandem with what an organization is able to do given a specific budget. “Due diligence is always required, especially during a time when risk increases and resources decline,” Dunham says.