Opinion

Opposing Forces in a Down Market

CSO Publisher Bob Bragdon observes the classic battle between expense cutting and risk mitigation

By Bob Bragdon, Publisher, CSO

October 07, 2008CSO — It seems that every day there is more bad news about the economy. For months now we have watched as the markets have contracted, driven by trade deficits, soaring oil prices and ever-tightening lending markets. As I write this, oil prices have been falling (which is a good harbinger), but inflation is beginning to climb at a steeper pace. And as we have watched the economic climate become more challenging, you can rest assured that your CEOs have watched as well.

I imagine that, by now, you too are under pressure to control expenses in your enterprise as corporate leadership struggles to maintain earnings in an increasingly challenging market. I hear from many CSOs that, while spending isn't necessarily being rolled back (and there is significant pressure to do just that), they are being forced to focus on their top four or five initiatives next year, as opposed to their overall list of 20-plus. This puts CSOs in a difficult position.

In a tightening economy, history has proven that the risks faced by businesses increase significantly. When times begin to get tough for individuals, many will turn to crime to abate their diminishing financial situations. Oddly enough, these criminals operate in much the same way as any business would. To improve performance, they begin by trying to increase their revenue; it's much more acceptable than cutting their expenses.

Electronic attacks will continue and may get worse as criminals seek to exploit vulnerabilities for financial gain. Given the shift over the last several years as electronic exploits have focused increasingly on financial gain, we are at a point where the "bad guys" are well-versed in taking advantage of our dependence on insecure electronic environments. In the physical world, particularly in retail environments, shoplifting ratchets up as individuals and organized groups try that much harder to generate revenue for their own personal gain. Fraud also increases.

Unfortunately, we are setting ourselves up for a classic battle in our corporate cultures as the forces that are trying to cut expenses collide with those who see the need for continued, and maybe even increased, spending on security to mitigate the growing frequency and intensity of potential threats. And the last thing that any CEO wants to hear is, "We can't cut. We need to spend more." Unfortunately, that is the reality.

The challenge for you is, as is often the case, to translate the value of the organization's investment in security into the business value that it delivers to the organization. Whether that value is fewer data breaches, reduced shrinkage or whatever metric you happen to use in your industry, be sure to make that argument now before any cuts are mandated by uninformed leaders whose actions could significantly increase the risk to your business. ##

Other stories by Bob Bragdon, Publisher, CSO

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Rolling the dice with your security? Take the Self-Assessment Test now

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Configuration Assessment: Choosing the Right Solution

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Solving Online Credit Fraud Using Device Reputation