Hard times increase the need for vigilance

As we know, security is a process ­ but what sort of process? In the good times it should be a process of continual improvement, punctuated by incidents and technology changes perhaps, but nevertheless with an underlying trend towards better corporate security. Can this focus be effectively maintained during the bad times of a credit crunch and deepening global recession? As uncertainty grows, pressures of work force security down the pecking order.

The major factor in determining the likelihood of a company suffering a data breach is organisational stability.

Even a company with very good security can find it is more vulnerable than a company with poor security if it is going through a period of change. This is exactly the kind of situation many firms currently find themselves in thanks to the credit crunch. Companies going through such changes should raise their security posture to counter increasing risks, particularly from insiders.

But there’s a double whammy. When companies are down they become a target. There are reports of phishing attacks using the economic crisis to target institutions in the news. Organised criminals know this is the time to attack the financial sector.
So what to do? The first thing is to make the case that security spending needs to go up not down during a recession ­ risks are higher, the threat is greater.

Unfortunately, this is easier said than done. Second, beware the weakest link ­ your staff. Ensure user accounts and access rights can be terminated effectively. Check administrator accounts and close down unused ones. Restrict rights as much as practicable. Monitor for internal suspicious activity. Backups and restore need to be tested and resilient to insider attack.

These are all well-known and fundamental security counter-measures. Your business may depend on them.

Rob Rowlingson is a member of the BCS Security Forum Strategic Panel and is chief
technology officer at OrbisIP.