Tougher Times Ahead

Economic downturn may lead to increased security risks

With millions of U.S. jobs lost since last year at this time, the country seems to have resigned itself to hunkering down for the recession––possibly for years to come.

But certain industries shouldn’t get too caught up in all the belt-tightening. An increase in security risk and vulnerability may be one of the lesser-known side effects of economic struggles.

Heightened Risks
Rapid7 is a vulnerability assessment and management company that helps businesses evaluate and minimize exposure. Corey E. Thomas, the vice president of product management and marketing for the company, said there are three main reasons why security risks often increase during a recession: overall crime tends to increase and cyber-crime will probably follow this trend; given scarce funds, organizations focus less investment in security control; and, perhaps most importantly, there is a significantly higher chance of insider security risks and successful social engineering attacks due to layoffs, reduced employee training and decreased employee satisfaction.

Thomas explained that a social engineering attack occurs when hackers target employees and former employees to covertly retrieve sensitive information. Less likely is a direct attack by former employees, which is still a fast-growing area of Web and database attacks, he said.

“This is even more likely when organizations have poor exit policies and procedures,” Thomas said. “Even those that do have good practices for normal circumstances can experience difficulty in the case of mass layoffs.

“Many hackers target Web sites, and many organizations are likely to cut spending on Web development without cutting the amount of work, therefore, resulting in code that is likely to be less secure.”

Industries that deal with sensitive data face the greatest risk. Retail and healthcare organizations, for example, should be particularly cautious. In these types of businesses, employees and ex-employees could very easily expose vital information without knowing it.

Employees Fight Back
Although Thomas stresses that the greatest threat does not come from inside a company, a recent survey suggests companies should still be vigilant of current employees. “The Global Recession and its Effect on Work Ethics,” completed by IT security data company Cyber-Ark Software, found that more than one-third of 600 office workers polled admitted to conspiring behind their bosses’ backs to download vital, useful and competitive information to take with them if they get fired.

Not surprisingly, 56 percent of the workers said they were worried about losing their jobs. However, in preparation, more than half of them said they’ve already downloaded competitive corporate data and plan to use the information as a negotiation tool when looking for a new job.

According to the survey, customer and contact databases, plans and proposals, product information and access/password codes were seen as the most useful information to take away from a job.

“In these dark days, the instinct is to look out for No. 1,” said Adam Bosnian, vice president of products, strategy and sales of Cyber-Ark, in a press release. “If times get hard, companies need to ensure that any cutbacks aren’t deeper than expected when stolen data unexpectedly eradicates any chance of survival—our advice is to only allow access to sensitive information to those that really need it, lock it away in a digital vault and encrypt the really sensitive data.”

Whether a company’s employees knowingly take information with them or are victims of a social engineering attack, it’s clear that a company’s own employees are one of the greatest threats during a recession. That’s why, Thomas said, organizations should prepare as much as possible for these types of attacks.

Assess and Prepare
Rapid7 advises companies to follow a set of best practices to minimize their risk during times of economic turmoil.

First, a company should assess its security investments to ensure that it has the capacity to respond to both current and emerging threats. Next, ensure that the organization has an ongoing method to track its attack surface, so vulnerabilities don’t increase after a cut in IT or development resources. In advance of major layoffs, review and update exit policies and procedures and consider a tiered approach with more stringent safeguards for higher-risk exits.

Thomas said companies also should perform internal and external penetration tests to understand the ability of hackers and rogue employees to gain access to restricted data; deploy systems to track and manage social engineering readiness and respond to social engineering attacks; train employees on safe computing; and develop and access an audit policy that organizes who has access to what types of information and then ensure that the policy is followed.

Companies like Rapid7 can help businesses prepare for layoffs, limit their exposure and reduce the risk their vulnerable systems can have. Thomas said Rapid7 offers vulnerability management, PCI-compliance testing, penetration testing, Web application security audits, best practices consulting and social engineering training, all of which can help defend against the unforeseeable.

This article originally appeared in the issue of .

Featured

  • 2025 Gun Violence Statistics Show Signs of Progress

    Omnilert, a national leader in AI-powered safety and emergency communications, has released its 2025 Gun Violence Statistics, along with a new interactive infographic examining national and school-related gun violence trends. In 2025, the U.S. recorded 38,762 gun-violence deaths, highlighting the continued importance of prevention, early detection, and coordinated response. Read Now

  • Big Brand Tire & Service Rolls Out Interface Virtual Perimeter Guard

    Interface Systems, a managed service provider delivering remote video monitoring, commercial security systems, business intelligence, and network services for multi-location enterprises, today announced that Big Brand Tire & Service, one of the nation’s fastest-growing independent tire and automotive service providers, has eliminated costly overnight break-ins and significantly reduced trespassing and vandalism at a high-risk location. The company achieved these results by deploying Interface Virtual Perimeter Guard, an AI-powered perimeter security solution designed to deter incidents before they occur. Read Now

  • The Evolution of ID Card Printing: Customer Challenges and Solutions

    The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now

  • TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

    Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now

  • Brivo, Eagle Eye Networks Merge

    Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now

Most   Popular

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.