The recession has taken its toll on enterprise network security. Budget cuts mean less money available to spend on security measures. Layoffs result in disgruntled ex-employees who may want to take one final swipe at the company. Combine layoffs with a smaller IT budget, and the chances are it takes longer to close accounts, giving former employees continued access to company information.
Now a CSO article in InfoWorld discusses another security risk caused by the recession: third-party partnerships and business relationships. Publications CSO and CIO, along with PriceWaterhouseCoopers recently conducted the Eighth Annual Global Information Security Survey. According to the CSO article:
Some 12,847 business and technology executives from around the world took the survey, and many admitted they're somewhat more concerned than they were last year that their own security is threatened because the security of business partners and suppliers [has] been shaken by the recession.
The problem lies in that when working with a third-party partner, that partner often has access to your data and infrastructure. While smart security policies include directives for third-party partnerships and their in-house security efforts, the slow economy may have caused changes to the way they approach risk management on their end. There is always concern that third parties aren't as up-front about security, of course, but now companies need to be alert to potential changes.
The general advice from CIOs and CISOs is to be specific about security efforts of third-party partners through detailed questionnaires and in contracts, and then to continue to verify and conduct security checks. While you can't dictate someone else's security implementation, you can hold them accountable to keep your data secure.