Contrary to popular belief during a down economy it is crucial that companies maintain an assessment program. Based on an article I recently wrote for law.com... when the economy is bad (which appears to be the case for 2009) the chance for theft of corporate assets increases. Based on the fraud triangle below are three areas that if aligned a person is willing to steal, commit fraud or worse.
- Rationalization- The day an employee starts they start to rationalize… I worked all weekend and no one else was here… especially my boss!
- Pressure- Given the economy this is an understatement; pressure is all over the place. With one in five homes being foreclosed on it’s a safe bet that one of your employees will have financial pressure.
- Opportunity- Probably the only area that we can actual control. Taking away or reducing the opportunity is key. Assessments are actually the lowest cost solution to identify the risky areas.
Getting budget gets tougher and tougher when you don’t know what the real risks are. Hence, next year (2009), spend money on a risk assessment. Yes risk assessments cost more, but they identify more risk and more importantly map the business requirements to those risks. Now you are telling the board or CEO of the risks, not just the results of a penetration test. This is key; we as security practitioners do not want to hold the risk!
Over the past several years I have noticed an increase in January/February breaches and hacking activity. While I can not statistically back up this observation, I can guarantee you that with a down economy and the holiday season, people will have more free time. Especially kids that are off from school, this is an ideal time to try some new hacks out, maybe the latest version of FastTrak.