RECENT surveys indicate that the thriftier budgets being forced on companies by the global economic downturn may result in threats to their information security. IT companies warn that neglecting information security may expose companies to risks from leakage or abuse of data, making their systems non-functional or exposing them to viruses. Reduced IT costs can also lead to low flexibility or make companies’ software systems more vulnerable, they add.
The 2008 Information Security Survey in Slovakia, conducted by Ernst & Young, suggested that information security is gaining importance in Slovak business. Up to 82 percent of organisations evaluate their information security positively and are optimistic about its development. But the results of the survey also showed that a majority of companies have suspended investment in new IT solutions and are operating on a ‘stand-by’ regime. Ernst & Young conducted the survey in association with the magazine DSM – Data Security Management and Slovakia’s National Security Authority between March and May 2008.
Another survey, the Global Financial Services Industry Security Survey 2008 by Deloitte Touche Tohmatsu, found that the global economic crisis hitting the financial sector is also fuelling a growing information security risk. According to its results, released in February, security attacks that exploit human error and breaches caused by distracted or disgruntled employees are likely to be a root cause of information systems failure.
“The market feedback suggests that companies in general are taking a more conservative attitude due to the considerable uncertainty regarding future development,” Pavol Adamec of the IT Association of Slovakia (ITAS) told The Slovak Spectator, adding that this caution is resulting in a deliberate attitude to investment planning and thinking about potential reduction of operating costs.
“The crisis means that some existing threats could grow,” said Adamec. “The potential vulnerability in terms of the accessibility of systems increases. The reduction of operating costs will mean resources are focused on the basic operating needs of companies and preparedness for non-standard situations will be neglected - including the ability to recover after breakdowns.”
Another significant threat is a leak of sensitive information, or other negative actions, by employees who are being fired, according to Adamec. The ability of companies to control access rights and monitor data flows adequately and with sufficient precision is quite low and the possibility of their abuse grows with the number of dissatisfied employees, he told The Slovak Spectator.
IT companies touched by crisis
Some IT companies operating in Slovakia have already registered a change in the attitude of clients, with some having orders cancelled. But they maintain that the latest information technologies can help companies make their operation more effective and secure - and hence more competitive.
SAP Slovensko, the Slovak arm of SAP, a leading provider of business software, has recorded reduced market demand for IT solutions. This trend became more visible during the final quarter of 2008 and has continued this year, Richard Hrabovský, commercial director of SAP Slovensko, told The Slovak Spectator. Companies which are not forced to invest are cutting their budgets and re-evaluating individual projects.
SAP Slovensko has also observed a growing trend in which, aside from the main aim of securing an IT solution, the returns on investment of solutions and an assessment of projects from the point of view of their added value are also being taken into consideration, according to Hrabovský. This means that companies ask what a certain project will bring them, what its return on investment will be, and how it will ‘fit’ with their existing portfolio without significant integration costs and bring advantages to the company as quickly as possible.
Asseco Slovakia, part of the international Asseco Group, one of largest software houses in central and eastern Europe, has also already noticed a negative effect from the economic downturn.
“Asseco Slovakia registers this in the segment of large clients and financial institutions such as banks, insurance companies and health insurers, whose parent companies have introduced very conservative and strict group orders to cut or save costs,” Jozef Klein, the head of the board of directors and the director general of Asseco Slovakia, told The Slovak Spectator.
Slovak company ESET, which develops software solutions that protect against evolving computer security threats, said it recognises that the crisis may also affect corporate clients’ expenditure on information security.
“But this trend has not been confirmed so far and corporate clients are debating whether to continue to pay for software or risk potential loss of data or damage to them,” Martin Baranovič, public relations manager at ESET, told The Slovak Spectator.
Baranovič identified spam, phishing attacks, threats exploiting the vulnerability of an operating system and transfer of dangerous infiltrations via removable media as the biggest risks in terms of information security. Thus IT administrators must, according to him, constantly follow the availability of patches for operating systems, update the virus databases of their anti-virus software, and others.
“Development of various instruments for hackers, development of new and more sophisticated forms of viruses, worms, their spread, and spam has become faster,” Igor Urban, the commercial director of Disig, a member of the Asseco group, told The Slovak Spectator. “In particular, during a period of crisis, when there is a huge fight for clients as well as market share, many companies are willing to invest not insignificant amounts into unfair activities, which may harm competition. Reduction of costs on information security goes hand in hand with a decline in the level of security, which can directly help security incidents to occur.”
According to Hrabovský of SAP Slovensko, reduction of IT and information security costs may lead to saving on the usage of standardised solutions by established suppliers of software applications and the continued usage of software solutions with obsolete architecture. Under such solutions, the high dependence on the human factor during maintenance and modification of the software excessively increases the risks of long-term outages of systems supporting the operation of a company.
Moreover, such solutions are not flexible enough to adapt to changes and are vulnerable in terms of abuse of information.
Other factors affecting the Slovak IT sector
For now it is impossible to assess the impact of the global economic downturn as the IT sector in Slovakia has been significantly affected by two additional factors, according to ITAS.
“The transfer to the European single currency has occupied companies in a significant way and thus they have, in many cases, postponed other solutions and needs,” said Adamec. “Many of these needs cannot be put off forever and generate a certain source of requirements to be fulfilled by IT and consultancy companies. For example, a systemic solution for security monitoring is an oft-postponed theme. The second factor is the Operation Programme of Informatisation of Society, which will engage the IT sector.”
Asseco Slovakia regards the latter as a chance to focus more on the state and public administration.
“Because in Slovakia there are EU funds allocated for projects such as eGovernment, eCulture, eHealth and others, maybe we will for the first time focus more on the state and public
administration, which could paradoxically bring us new opportunities or could substitute for some gaps in revenues from our existing private clients, who have already announced cuts in their IT budgets,” Klein told The Slovak Spectator.