Home > Uncategorized > Economic Hard Times Increase Information Security-Related Risk

Economic Hard Times Increase Information Security-Related Risk

I recently read a newspaper article that discussed some of the fallout that has resulted from the recent problems with the US economy as well as economies elsewhere. The article stated that commercial stores are experiencing a substantially larger amount of shoplifting; theft by internal employees is also greatly on the rise. Given the severity of the current economic plight, there is no immediate end in sight.

More than simply goods, food and gasoline are at elevated risk of theft, however. I’d also be more than willing to bet that information security-related risk has soared as the result of the current economic hard times. Lack of economic well-being is one of the greatest motivators of all kinds of crime, computer-related crime very much included. For years, groups and individuals from various countries around the world, but particularly countries in which economies have not been faring well, have been breaking into computers that store financial information and that run business transaction applications that can be subverted to funnel money to somewhere where the perpetrators can collect it covertly and safely. Break-ins are, however, only part of the overall problem. Because extortion is another way to make money, I’d expect the number of actual and threatened denial of service and other attacks to also greatly increase. Furthermore, substantial growth in the number of social engineering attacks, especially attacks designed to steal industrial secrets that can be sold to information brokers and others, is likely to occur.

The paradox is that while information security-related risk is on the rise, significant cutbacks in the number of information security staff within organizations are occurring. I would truly hate to be an information security professional looking for a job right now; over the last 25 years, I have seldom seen a time period when so few job openings in information security are being advertised. What is truly sad, however, is that despite all the progress in the field of information security over the years, apparently a too-large proportion of senior managers still does not truly value information security sufficiently to understand its potential value, especially its value during time of substantially elevated information security risk. All this shows that we still have a long way—a very long way—to go in “making the sale” to senior management. I suspect that despite all our strategies and methods for doing so, the best leverage with senior management is the leverage that comes with reading newspaper headlines concerning catastrophic security breaches that have occurred. Even though such headlines will continue to persist, some senior managers will nevertheless continue to live in a state of ignorant bliss regarding information security risk awareness and management by thinking that “it happened to them, but it could never happen in my organization.”

Increased theft in stores will almost certainly continue to occur in the foreseeable future. Hand-in hand will come a growing number of reports about costly security breaches motivated by the desire to profit. They have occurred before, they are occurring now, and they are more likely than ever to occur at an accelerating rate as long as economic conditions remain unfavorable.

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.