2009 = infosec on a shoestring budget

It's no secret that 2009 is promising to be a tough year for nearly everyone. With corporate budgets shrinking, companies are looking to reduce costs by cutting the workforce and/or the number of projects planned/funded. Yet, reports indicate that cybercrime and data breaches have reached new highs, and that organized crime is growing rapidly in the shadows of the digital age.

However, this atmosphere of gloom may be just what the doctor ordered. With less money to spend on security staff and technical controls, companies will have to make do with what they have: people and data. 2009 will be the year of going back to basics and corporations should focus on people and data by creating a company-wide risk management committee involving representatives drawn from leadership positions across every line of business. As Tony Hildesheim, vice president of IT for Washington State Employees Credit Union, said, their risk management committee "goes further in providing increased security awareness, and therefore improved security overall, than any tool we have implemented."

For those companies that find themselves holding an unacceptable level of risk, the popular security controls of 2009 are Data Loss Prevention (DLP), Full Disk Encryption (FDE), and Web Application Firewalls (WAFs).

Src: As the Economy Sinks, Data Breaches Rise | CFO Magazine [tx @PrivacyProf]

No comments: