
With the bank failures of recent weeks, more pending
redundancies and a continuation of the downward slide, should we be
concerned about lax security? Is someone minding the store while
all this is going on or should we be doing something more when the
banks are going bust?
The great myth associated with information security is that the
risks are primarily technical, writes Simone Seth, senior
research consultant at the Information Security Forum (ISF).
However, practitioners in the trenches know better: the greatest
vulnerabilities organisations face are down to human behaviour.
For example, although a company may have a sophisticated
application in place to manage identities, failure to follow a
process to 'on-board' and 'off-board' employees may result in
leaving back doors open. And with the axe still swinging over banks
and other financial institutions, leading to a steady flow of
redundancies, this particular security imperative has come to the
fore as a critical issue.
Failure to effectively ensure that authorised access to data is
terminated immediately when individuals lose their jobs puts
sensitive and confidential data at risk and can lead to a breakdown
in an organisation's control framework. Experienced security
professionals have long highlighted this vulnerability to senior
management and HR departments, and maybe these unprecedented events
in the financial world and radical changes in business practices
will now focus their minds and lead to positive change.
Additionally, as banks merge with other banks to avoid collapse,
the need to ensure that multiple information security and risk
management control frameworks are synchronised becomes increasingly
important.
Inviting security to the table when senior business and IT
management meet to discuss integration strategies and merged
environments can serve to avoid downstream costs and problems
associated with the exploitation of vulnerabilities.
Information security controls, if implemented correctly and
consistently, ensure the validity of financial records. As business
and government leaders face financial crises and focus on shutting
down, rescuing, nationalising or merging operations, it is
necessary to ensure that the integrity of financial records is not
compromised and that customer data is kept confidential.
Leveraging security staff to assist in this process will
reassure regulators and end customers of the ability to adapt to
changing operating models. With financial institutions desperate to
restore confidence and credibility, the last thing they need is a
string of data loss headlines.