The gap between security risks and our ability to tackle them is set to rise as the effects of the credit crunch continue to bite, delegates heard at a panel session focused on the most important IT security threats beyond 2010.
“We still haven't got the mindset of security awareness embedded in our organisations, so we're permanently playing catch-up. After the credit crunch there will be fewer of us security professionals around to deal with this,” said Alan Stockey, formerly head of IT risk management at JP Morgan.
“Outsourcing will be particular concern,” said Iain Andrews, Head of Information Security at Fujitsu. “We need to ask where has a service been outsourced to. For example, I know of a case where a service was outsourced to India, and then outsourced again to the Philippines,” he said.
As the economic downturn begins to bite it will be necessary to re-assess the risks from outsourcing, said Andrews. “There are going to be security risks in any country that is producing a lot of new, highly qualified graduates but where the economy is stagnating,” he suggested.
The rapid growth in storage and smart handheld devices, and new working patterns will make securing corporate data a tough challenge in the next few years, said Guy Bunker, Chief Scientist at Symantec UK. “From a corporate standpoint, we really don't have a handle on this. If we don't know where the critical information is, how can we protect it?” he said.
This issue can only grow sharper as the workforce becomes more sophisticated. Many employees will have increasing access to powerful technology at home and will expect to be able to use it in the workplace, said Bunker. Keeping a clear dividing line between corporate and personal data will be increasingly difficult.
Security professionals also need to look beyond the present economic woes, suggested Alan Stockey. “In 2010, if a new surge of investment comes in, we have to ask where IT security will be, whether it will be at the top table,” he said.