Downgrading your IT security is false budgeting
Add to this the state of employment in SA: Career Junction is reporting job losses across most sectors, and Stats SA tells us unemployment is up. And although we managed to avoid a downgrade to junk status earlier this month, there is no guarantee that the next review will spare us again. And should that dreaded junk status come to pass, it will have knock-on effects on both consumers and corporates. What all this boils down to is stressed businesses and desperate people, creating a minefield for potential IT security risks for the average business.
Here are three ways that a strained economy results in increased IT risks for businesses.
1. Scammers exploit desperation
Let’s be frank: scammers, malware click-baiters, and their ilk, exploit greed and desperation. Broadly speaking, people who are comfortable and secure in their incomes seldom fall for these types of scams. But when your bank balance hits zero with your debit orders still looming, an offer that lands in your inbox offering passive- or work-from-home income suddenly looks much more appealing, as does a fake tax refund email or dodgy notice of deposit seemingly coming from your bank. A click to 'see more' is often all it takes.
Not only are these emails and websites providing an access point to an individual device, they are ultimately an access point to your entire business IT network and infrastructure.
2. Malicious intent
While the above scenario is extremely unfortunate, the risk it creates is unintentional – on the part of your employee, at least. But as our economic woes pile up, so too do incidences of intentional damage. A critically over-indebted employee is a softer target for collusion and corruption. They may be blackmailed into providing access to your network. Or a disgruntled ex-employee may look to use his intimate knowledge of your system for personal financial gain. They needn’t be a hacker themselves; these skills are available for hire in today’s dark web market.
3. Neglected and over-stretched security resources
Cutting spending on IT or on IT security resources (read: personnel) in pursuit of a healthier bottom-line can also leave a company vulnerable. There are two aspects to consider here. Firstly, when budgets are slashed, people choose not to renew software licenses or turn to shadow IT to meet their needs. Shadow IT is software used without the knowledge or consent of the company’s IT department. These include things like third-party cloud storage where the company is no longer in control, and if managed poorly, these put your data under threat. Secondly, your IT security staff teams are often shrunk, and over-stretched.
Unlike our economy, cyber-crime is in a growth phase. For cyber-criminals the risks are low and the potential returns great. The cost of cyber-crime to the global economy is in excess of $400 billion annually.
Given this, it is clear that downgrading your IT security in tough economic times is a strategic fail waiting to happen. If anything, security should be tightened under these conditions. A single solution that offers centralised visibility across the network is your best defence, and could actually reduce your total cost of ownership.