The gap between security risks and our
ability to tackle them is set to rise as the effects of the credit
crunch continue to bite, delegates heard at a panel session focused
on the most important IT security threats beyond 2010.
“We still haven't got the mindset of
security awareness embedded in our organisations, so we're
permanently playing catch-up. After the credit crunch there will be
fewer of us security professionals around to deal with this,” said
Alan Stockey, formerly head of IT risk management at JP Morgan.
“Outsourcing will be particular
concern,” said Iain Andrews, Head of Information Security at
Fujitsu. “We need to ask where has a service been outsourced to.
For example, I know of a case where a service was outsourced to
India, and then outsourced again to the Philippines,” he said.
As the economic downturn begins to bite
it will be necessary to re-assess the risks from outsourcing, said
Andrews. “There are going to be security risks in any country that
is producing a lot of new, highly qualified graduates but where the
economy is stagnating,” he suggested.
The rapid growth in storage and smart
handheld devices, and new working patterns will make securing
corporate data a tough challenge in the next few years, said Guy
Bunker, Chief Scientist at Symantec UK. “From a corporate
standpoint, we really don't have a handle on this. If we don't know
where the critical information is, how can we protect it?” he said.
This issue can only grow sharper as the
workforce becomes more sophisticated. Many employees will have
increasing access to powerful technology at home and will expect to
be able to use it in the workplace, said Bunker. Keeping a clear
dividing line between corporate and personal data will be
increasingly difficult.
Security professionals also need to
look beyond the present economic woes, suggested Alan Stockey. “In
2010, if a new surge of investment comes in, we have to ask where IT
security will be, whether it will be at the top table,” he said.