Freely subscribe to our NEWSLETTER

The pressure is on with 63% of ISF Members - comprising many of the world’s largest companies and public sector organisations - reporting that they expect to face reduced budgets in 2009. According to the report, the financial crisis has also accelerated the change and sophistication of new threats to information security. Many emerging longer term threats now pose a real challenge today and present serious legal, financial and reputational consequences.

The ISF identifies five major challenges that currently face information security professionals: responding to the changing information risk profile, managing the greater impact of incidents, keeping up with business change, surviving budget and staff cuts, and not losing sight of longer term risk and compliance demands in favour of short term measures.

Specific threats highlighted by the ISF include the rapid increase in targeted and organised cybercrime, espionage and the risk to intellectual property, internal and external fraud and embezzlement, and sabotage or theft of sensitive information through disgruntled employees.

"Right now, both the internal and external threats are higher with increasing staff turnover and dissatisfaction coupled with a trend to more organised profit-driven crime," says Jason Creasey, Head of Research at the ISF. "Changes in risk and the way the attacks occur mean that their effects are harder to predict and that their impact may be greater."

"We need to change the way we think about risk," says Creasey. "We are in an era where reliance on tried and tested past experiences to predict the future is not always sufficient; instead we also need to approach each instance as something new and be rational and flexible in providing the solutions."

"It is not just the risks themselves that change," says Adrian Davis, Senior Research Consultant at the ISF and author of the ISF report on Information Security in a Downturn. "Businesses will face other unexpected changes that may force a rapid alteration in strategy and operations. These in turn will effect an organisation’s risk profile and will require information security to take a more proactive and agile role and adapt quickly." The report also warns that reduced information security budgets and loss of experienced staff could take longer than the recession to recover from.

However, despite the warnings, ISF president and CEO Prof Howard A. Schmidt, remains convinced that organisations are in a better position to deal with the current crisis than ever before. "Security is no longer an add-on but is ingrained within the IT infrastructure, business processes and strategic planning from the outset. Working more closely together and adopting new methods to analyse and tackle the changing dynamics of security risk will help us through the tough times of the downturn and emerge stronger," says Prof Schmidt.

Managing Security in a Downturn is the latest report from the ISF available free of charge to ISF Members. Jason Creasey will be talking about Information Security in a Downturn in a keynote session on the first day of Infosecurity 2009 next week in Earl’s Court, London from 28-30 April.

Prof. Howard A. Schmidt, who served as VP/CISO at eBay and as CSO at Microsoft Corp as well as acting as special advisor for cyberspace security to the White House, will also be delivering a keynote speech on the 30th April on the dynamics of e-crime and taking part in the Hacker’s Panel on the same day.

The ISF is a not-for-profit, international association of some 300 leading
companies and public sector organisations dedicated to reducing risk and resolving information security challenges. In addition to researching over 200 authoritative reports, the ISF has also developed advanced information risk methodologies and benchmarking tools.