Most Companies are at Risk
On Slashdot and Finance and Commerce
Survey says that most of the Fortune 1,000 companies are not prepared for IT security attacks. The article suggested that companies can start monitoring the networks. If it’s too costly, outsourcing the monitoring job can be an option. With the current economic recession, IT related crime rate is likely to increase.
Factors that led to the lack of protection include optimism, lack of funding to enforce good protection, and people’s ignorance about the IT security world. Companies could’ve started thinking about security risks in the beginning, during its early ages. As companies grow, things get more complex, and it’s harder for them to protect themselves from attacks. Despite the complexity of enforcing good protection, the cost is also high for large companies.
With the recession in progress, companies probably have many problems (e.g. layoff, VC funding, etc.) to worry about other than security. Not focusing on those problems can directly lead to increased crime rate. Companies should focus more on problems that may cause security attacks than worrying about protecting themselves from security attacks. For instance, if the company doesn’t have to lay off employees, then it doesn’t have to worry about jobless employees trying to harm the company. If the company has enough resources to handle both security and other problems then that’s the best case. The cost of preventing security attacks versus protecting against attacks really depends on the individual companies. Also, there are some relatively cheap ways to increase security protection such as not giving employees more privileges than they really need.
Comment by Jon Andes
January 7, 2009 @ 1:54 pm
It seems that it’s not just employees that are laid off that a company needs to be on the lookout for. The recession and direction of the economy inherently causes individuals to worry about job security. This fear can drive people to exploit a system based on the thought they may be unemployed in the not too distant future. This was the case with the disgruntled San Francisco municipal employee mentioned in the article. He was not currently unemployed, but the fear of unemployment drove him exploit the system.
If a system is violated, it could cost a company millions of dollars in a tough time, which could lead to more lay-offs and a viscous cycle would ensue. It seems as though companies should be increasing their security budgets to prevent these possible attacks in conjunction with focussing on problems that may cause security attacks, like informing employees that there are no impending lay-offs, if that is the case.
Comment by Andreas Sekine
January 8, 2009 @ 11:42 pm
The article makes mention of monitoring their networks using outsourced security experts, to notice any sudden changes in network flow or data usage. This seems like a rather drastic and unnecessary measure to take. Not only does this require exposing the companies infrastructure to a third party, but this also just offsets the security concern to another company. What if a worker at the security company is insecure about his/her job, and just happens to have network access to your company’s network?
It seems to me like treating workers like future criminals just waiting for an opportunity to make a quick buck will only create more disgruntled employees. Companies have every right to protect their own interests and customers, but it is a slippery slope to start monitoring and distrusting all employees.