It is axiomatic that crime increases as the economy deteriorates. A number of threats--to physical security as well as information security--have become more pressing in the past year or so. Many CSOs expect the associated threat pool to continue to widen. Although the economy is forecast to improve slowly in the coming year or two, many experts expect the reshaped landscape will not necessarily signal a return to prosperity for all, or even most, of society. Some people will be desperate and therefore prone to desperate actions.
As the economy continues to falter, more and more people are losing their jobs, which often means losing their health insurance as well. Ray Biondo, CISO at Health Care Services (which runs four Blue Cross Blue Shield plans in Illinois), fears ongoing economic problems will cause wide-scale employee layoffs, which the company has so far managed to avoid. He fears the coming of a national healthcare plan could have the same effect. Biondo finds himself worrying more about insider threats to information and physical safety than he did a few years ago.
"I worry about internal physical threats and threats to our data. People become very anxious, and data leakage becomes an issue," says Biondo. He believes he has taken all available measures to protect information and physical security, but he remains uneasy. Chris Falkenberg foresees increased threats to personal security, including the kidnapping of business executives abroad and attacks on high-net-worth individuals. "CSOs will have to deal with these things because they have to protect their executives," says Falkenberg, president of security services firm Insite Security. He also worries that personal kidnapping could become a problem in the United States, though the country does not have the widespread governmental corruption that typically allows such activities to take root. He believes most CSOs do not have the internal expertise to handle this type of threat.
Lee, of the Federal Reserve Bank, believes emerging threats such as malware and attacks by insiders require stronger communication between the information security and physical security groups, as well as any other departments that get involved when there is a problem, such as legal. "There needs to be better teamwork. It's not just training," he says. "Even if these groups do speak to each other, they usually would just offload the case onto the other side. Everyone involved needs to know the logical next steps. There needs to be recognition of joint ownership of the problem."
No. 4 Game-Changing Force: Data Explosion
Data is now so ubiquitous and so pervasive that people lose sight of it. Even many manufacturers today are so massively involved in data, they never think of themselves as anything other than purveyors and users of information. The level of integration companies have with their processes and business partners is something they could not have contemplated just five years ago, says Mears. The explosion in both data itself and the practice of sharing data outside organizational boundaries presents a number of different kinds of risk.
Sign up for Computerworld eNewsletters.