This article, Dealing with Cyber Security in Tough Times, was prepared for client TAL Global
With the collapse of the formerly robust economy, primarily due to COVID-19, all business sectors are being asked to cut expenses. Corporate security is not immune. While exact figures are not available, it is believed that most private and public enterprises are being asked to cut security budgets by 20 percent or more.
However, when it comes to cyber security, we do have more precise figures to report, and the numbers do not look good.
According to a survey of 300 financial organizations by PwC, an audit, assurance, tax, and consulting firm, more than half are considering deferring or canceling planned investments. Further, 53 percent are considering reducing their “spend” on IT.
This is all complicated by the fact that so many security professionals employed by these organizations are now working at home. It’s easier to monitor security concerns when most everyone is under the same roof.
But when people work remotely, “all connections need to be tracked, managed, and monitored continuously to mitigate risks,” according to Jordon Rackie, CEO of Keyfactor, which provides IT-related products and services.
The bottom line for those in charge of corporate security is that they must do more with less—fewer financial resources, fewer people—while dealing with the potential for increased threats. Some of these threats – and their solutions – include the following:
Cyber Security Insider Threats
Instead of security breaches and threats coming from the outside, a more significant concern in difficult financial times are “insider” threats. These often involve theft, fraud, and violations of intellectual property policies committed by people working for or inside an organization. These are often the result of employee discontent due to layoffs, rumors of layoffs, and cost-cutting measures including pay cuts.
Solutions: One of the most effective ways to deal with insider threats is to increase communication with employees as well as independent contractors working for the organization. Transparency helps workers better understand why steps are being taken and why they are necessary. Further, they help quell rumors. At the same time, managers must engage with workers, always remaining alert for potential threats to the organization.
Data Siphoning and Cyber Security
Data siphoning, also known as data loss, is an ongoing problem that often surges in difficult economic times such as we are now experiencing. According to Osterman Research, nearly 70 percent of organizations experience some type of data loss when an employee leaves a company. Another study by 2020 Insider Threat Report, found that the insiders that pose the most significant threat – 63 percent – are privileged IT users and administrators. Not far behind, at 51 percent, are regular employees, service providers (contractors), and temporary workers. And we should add, about 50 percent of company executives walk away with sensitive company data.
Solutions: This is an ongoing battle. Many solutions arise, but as one solution is found, another data siphoning problem often emerges. Confiscating all company property such as laptops, monitors, mobile devices, and cloud services are the first steps. These steps are typically taken when a staffer leaves the company, but a better option is to be proactive from the start. For example, some organizations make it impossible – or at least difficult – for workers to attach storage devices to computers without company assistance. This helps reduce data siphoning. Further, filtering outgoing email, blocking large attachments or any attachments is helpful. These attachments often contain important company data.
Unusual or Irregular Behavior
Difficult times, especially when they impact someone’s livelihood, can result in very unusual or unexpected behavior. Workers that generally go about their duties calmly and positively can display depression or aggressiveness, have anger outbursts, or even become violent.
Solution: Vigilance, in this case, is the single best solution. Administrators, department heads, and supervisors must be vigilant, always on the lookout for unusual or disruptive behavior. Often it can be dealt with by just talking to the worker and giving them time to adjust. In more challenging situations, such as a threat to other staffers, property, or company data, termination may be the only option.
We should note that most organizations come under unusual pressure when cost-cutting measures must be implemented, made worse by an economy heading south. Workers feel like the doors are closing in on them. Be aware that this can and does happen. Further, as a proactive measure, it is often a good idea to call in experts in corporate security. Most every company has a “weak link.” These experts are trained to find it.
AlturaSolutions Turns Words into Sales | 312-880-8176