Intelligence Advisory
Security in a Down Economy

Something to consider


According to a recent New York Times article,

“Every recession since the late ’50s has been associated with an increase in crime and, in particular, property crime and robbery…,” said Richard Rosenfeld, a sociologist at the University of Missouri-St. Louis. Typically, he said, “there is a year lag between the economic change and crime rates.”

Financial Cuts

The Facts


Approximately 80% of all cyber crimes are carried out by or with the assistance of insiders.

Identities are the primary target for cyber thieves followed by intellectual property.

Remote employees can introduce different vulnerabilities. StopBadWare.org in partnership with Google has created a database of almost 200,000 websites containing spyware, malware, Trojans, and infected files.

Most Targeted Areas

The most targeted areas of data by cyber criminals:
1. Individual Identities

2. Intellectual Property

3. Financial Accounts

4. Credit Card Information

5. Healthcare Information



Content Contributor:

Technolytics is a security research and intelligence provider and
Solutionary's partner.


Organizations must use caution in light of the current and near-future economic conditions -- business decisions, such as budget cuts, must factor in the potential impact of the economy on information security and data protection.

Protecting Sensitive Data and Staff Reductions

Downturns in the economy often translate to a reduced volume of business resulting in a correlated reduction in staff.  Reductions in the operational staff involved in the day-to-day processing of transactional and payment processing data are a common first target for cost-cutting.

The fact that this staff often has access to payment card, credit account, or other sensitive information is typically not given the scrutiny it deserves when disruptive events like lay-offs occur.  Personal alliances and friendships can result in remaining employees taking actions or making decisions they may never have before.

Having a positive security model with validation and enforcement provides a deterrent to malicious behavior as well as the tools to quickly identify and contain threats when needed.  A positive security model includes policies, procedures, detective and preventative technology, and proactive monitoring.

Staff reductions may not be avoidable in achieving business objectives.  In many cases, operational personnel, IT security and administrative staff are all impacted.

Today, many organizations are considering out-sourcing for the first time; or they are considering expanding current out-sourcing to address the dilemma of how to cut costs and protect key business assets.

Often, IT security and administrative staff hold the “keys to the kingdom” so ensuring a successful transition to an out-sourced partner or ensuring that a disgruntled staff member isn’t able to carry out malicious actions requires additional measures.  Maintenance of separation of duties, business continuity, and expert knowledge are some of the factors to consider.

Cost Reductions

Organizations may use an economic downturn as an opportunity to “swap out” services for lower cost solutions.  When talking about information security and data protection, the old adage “You get what you pay for” applies.  Two services may look very similar on paper but the service may differ greatly in performance areas such as accuracy, depth of analysis and reliability.  Swapping out an existing service for a lower cost one that results in creating more work for the remaining staff, missing compliance obligations or increasing risk is usually a recipe for failure.

Sometimes organizations will decide that “hunkering down” and “weathering the storm” is the right strategy in the face of economic challenges.  Consider carefully that while you may be hunkering down, the external security environment is continuing to advance on a daily basis.  New vulnerabilities, new exploits and new schemes are continuously being developed by cyber-criminals.  Patch management, keeping current with latest versions of purchased software, and signature / rule updates are all necessary tasks for staying on top of evolving security threats and vulnerabilities.

End-point Security

Cost-saving measures may include reductions in facilities costs resulting in more employees working from home, hotels and coffee shops.  Once outside the safe controlled network environment they are accustomed to, many employees are vulnerable to entirely new attack vectors that they weren’t exposed to within the traditional workplace.

Cyber-criminals will be hard at work this year targeting your employees with phishing attacks, Trojans, spyware, and malware; and those who have obtained stolen identities and credentials are using more creative tactics to maximize the return on their investment.  In the past, criminals would have likely performed a direct attack on your employee’s financial resources, but cyber-criminals are becoming more aware of the potential rewards gained by not “killing the golden goose”.

Using detailed credit information obtained through a breach, one group of cyber-criminals coordinated a three-pronged attack against a credit union customer by exploiting an existing home-equity credit line.  Instead of the few thousand dollars taken in a “normal” successful credit card exploitation, the criminals made off with $80,000 in one fell swoop.

The economic downturn is an unfortunate reality, but by carefully considering your business objectives as well as costs and benefits, it is possible to make decisions that successfully preserve information security and data protection.

For more information about protecting your data in a down economy and other security issues contact Solutionary today.

866.333.2133 | www.solutionary.com