Tougher Times Ahead

Economic downturn may lead to increased security risks

With millions of U.S. jobs lost since last year at this time, the country seems to have resigned itself to hunkering down for the recession––possibly for years to come.

But certain industries shouldn’t get too caught up in all the belt-tightening. An increase in security risk and vulnerability may be one of the lesser-known side effects of economic struggles.

Heightened Risks
Rapid7 is a vulnerability assessment and management company that helps businesses evaluate and minimize exposure. Corey E. Thomas, the vice president of product management and marketing for the company, said there are three main reasons why security risks often increase during a recession: overall crime tends to increase and cyber-crime will probably follow this trend; given scarce funds, organizations focus less investment in security control; and, perhaps most importantly, there is a significantly higher chance of insider security risks and successful social engineering attacks due to layoffs, reduced employee training and decreased employee satisfaction.

Thomas explained that a social engineering attack occurs when hackers target employees and former employees to covertly retrieve sensitive information. Less likely is a direct attack by former employees, which is still a fast-growing area of Web and database attacks, he said.

“This is even more likely when organizations have poor exit policies and procedures,” Thomas said. “Even those that do have good practices for normal circumstances can experience difficulty in the case of mass layoffs.

“Many hackers target Web sites, and many organizations are likely to cut spending on Web development without cutting the amount of work, therefore, resulting in code that is likely to be less secure.”

Industries that deal with sensitive data face the greatest risk. Retail and healthcare organizations, for example, should be particularly cautious. In these types of businesses, employees and ex-employees could very easily expose vital information without knowing it.

Employees Fight Back
Although Thomas stresses that the greatest threat does not come from inside a company, a recent survey suggests companies should still be vigilant of current employees. “The Global Recession and its Effect on Work Ethics,” completed by IT security data company Cyber-Ark Software, found that more than one-third of 600 office workers polled admitted to conspiring behind their bosses’ backs to download vital, useful and competitive information to take with them if they get fired.

Not surprisingly, 56 percent of the workers said they were worried about losing their jobs. However, in preparation, more than half of them said they’ve already downloaded competitive corporate data and plan to use the information as a negotiation tool when looking for a new job.

According to the survey, customer and contact databases, plans and proposals, product information and access/password codes were seen as the most useful information to take away from a job.

“In these dark days, the instinct is to look out for No. 1,” said Adam Bosnian, vice president of products, strategy and sales of Cyber-Ark, in a press release. “If times get hard, companies need to ensure that any cutbacks aren’t deeper than expected when stolen data unexpectedly eradicates any chance of survival—our advice is to only allow access to sensitive information to those that really need it, lock it away in a digital vault and encrypt the really sensitive data.”

Whether a company’s employees knowingly take information with them or are victims of a social engineering attack, it’s clear that a company’s own employees are one of the greatest threats during a recession. That’s why, Thomas said, organizations should prepare as much as possible for these types of attacks.

Assess and Prepare
Rapid7 advises companies to follow a set of best practices to minimize their risk during times of economic turmoil.

First, a company should assess its security investments to ensure that it has the capacity to respond to both current and emerging threats. Next, ensure that the organization has an ongoing method to track its attack surface, so vulnerabilities don’t increase after a cut in IT or development resources. In advance of major layoffs, review and update exit policies and procedures and consider a tiered approach with more stringent safeguards for higher-risk exits.

Thomas said companies also should perform internal and external penetration tests to understand the ability of hackers and rogue employees to gain access to restricted data; deploy systems to track and manage social engineering readiness and respond to social engineering attacks; train employees on safe computing; and develop and access an audit policy that organizes who has access to what types of information and then ensure that the policy is followed.

Companies like Rapid7 can help businesses prepare for layoffs, limit their exposure and reduce the risk their vulnerable systems can have. Thomas said Rapid7 offers vulnerability management, PCI-compliance testing, penetration testing, Web application security audits, best practices consulting and social engineering training, all of which can help defend against the unforeseeable.

This article originally appeared in the issue of .

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.