Layoffs increase internal threats to IT systems

23 Apr 2009

A global security survey of 400 IT directors has found that three quarters of enterprises believe that layoffs in the face of the global recession have increased the security threat to IT systems.

The survey by CA found that 42pc of IT directors anticipate an increased budget for the year ahead, while 50pc expect it to stay the same.

The economy has forced many companies to restructure their organisations, which has often resulted in layoffs.

Some 67pc of mid-market companies and 73pc of enterprise organisations believe that layoffs have increased the internal threat to IT systems.

“The need for companies to have the security systems, processes and reporting structures in place to help them verify compliance has always been one of the strongest drivers for security software such as identity and access management, security information management and data-loss prevention,” said Lina Liberti, vice-president of marketing, CA Security Management.

“Despite the need to cut costs, organisations continue to invest in security tools that will help them automate labour-intensive, manual compliance procedures such as reporting, de-provisioning users’ entitlements and removal of orphan accounts.

“The goal is to automate compliance systems to reduce errors that can result in audit failures, while demonstrating the value in an IT security investment more quickly through streamlined processes.”

Whether a security incident is caused by an internal or external threat, the impact on an organisation in dollars and cents is significant, and it has an effect on security spending.

According to survey respondents, security incidents at companies in North America result in an average loss of nearly US$418,000, with the majority of respondents reporting losses of more than US$500,000.

CA said the real number is likely greater, when factoring in lost time identifying and remediating the breach, and the damage to corporate reputation.

Survey respondents who reported an increase in IT security spending also reported a higher number of internal and external incidents.

By John Kennedy