May 2009

Budget cutbacks on information risk projects puts companies, no matter what industry they are in, at a higher risk to fraud and intrusions. A bad economy brings a rise in crime. This is not new, but what escalates this statement from past down economies is now we have the increased digitization and sophistication of network intrusions along with the desperation and willingness of inside employees to challenge the security controls of sensitive data. Companies now must deal with outside and inside security threats like at no other time in history. So to sacrifice the budget being allocated to continuing the prevention of breaches is a very risky move and could cost you more in the long run.

For instance, if you eliminate 24×7 intrusion monitoring to save costs, you will be transitioning from a preventative mode to a reactive mode. This increases the burden of inside IT personnel. If you have also decreased your staff, this can leave you wide open to vulnerabilities. Know what risk these decisions pose and be prepared to react if an incident should occur.

NCX Group believes information security doesn’t have to be expensive. But you can’t fix what you don’t know. At minimum, an NCX network penetration test can let you know what networks are open or exposed, if your access points are misconfigured or broken, if updates to software affecting security are patched and current, and if your network policies, processes and controls are tight. This can be invaluable information as we go through these times.

Your due diligence needs to also focus on keeping your guard up within your internal processes and controls. The financial pressure of this recession is pushing many employees to fraud, theft or mischief. We only hear about the bigger breaches in the major security news outlets, and not so much the instances where an employee might steal the identity of only a few or wreak havoc through sabotage. But these breaches still cost companies and institutions tens of thousands of dollars, if not more.

In another breach, a former IT director accessed the computer network of LifeGift Organ Donation Center in Houston after he was fired. Although previous administrative rights and access were revoked, the employee was able to repeatedly gain unauthorized access to the LifeGift network through a remote connection and deleted database files and software applications and backups relating to LifeGift’s organ and tissue recovery operations. The financial loss due to this intrusion was more than $94,000.

In an incident that escaped national headlines, a rogue IT computer engineer from Fannie Mae mortgage discovered he was about to be let go and planted a computer time bomb that was set to erase all the financial data and backups from the company’s systems. His credentials were not yet revoked when he appended malicious code to a legitimate script that would have replaced the data with zeros. Fortunately, the malicious script was discovered by a senior technician a few days after the engineer was fired. This incident would have caused millions of dollars in damage.

Know who has access to what data when letting go employees and terminate their accounts and all access before they have the opportunity to do damage. Be aware of what data is being accessed, if at all possible.

We know data security is an ongoing effort and takes many forms. Let NCX guide you in protecting your organization against inside and outside threats. Our security professionals are highly credentialed and our services are very competitive. We welcome your call for a quote on your specific needs.

For more information about our services or for a free consultation on how our experts can help you secure your data at a price that will fit your budget, call us at 888-448-5451 or request a representative to call you.

NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.