Information security is not recession proof

I keep getting told how lucky I am to be doing a job perceived to be “recession proof.” Personally I don’t think this is the case. If the company were to go down then I doubt there would be much room in the lifeboat for security awareness programmes and risk models. Don’t take anything for granted these days.

Especially don’t take it for granted that when somebody says they have lost their laptop computer that they really have lost it. I heard some anecdotal evidence yesterday that a number probably end up “re-assigned”…i.e. son/daughter about to go to college. They get the old work laptop and daddy goes to the office and gets a new one. In these hard economic times there’s likely to be a lot more of that sort of thing going on.

In fact, internal fraud and corruption are all expected to rise. Petty theft is one thing, but data theft is quite another. During the same event yesterday some of the motives behind internal data theft were presented. One particular quote from a convicted fraudster stuck in my mind “…working in a cold room, paid minimum wage, customers phoning in with their credit card details. I realised I could make more from that information than from my salary.”

There remains a serious threat from company insiders. See my blog from the beginning of August where I discuss this in more detail.