Security strategies must change to keep up with cyber criminals

With an eye to the threat horizon several years out, organizations can no longer afford to leave responsibility for managing security risks at the door of the information security department. Instead, organizations must adopt a much more strategic and business-based approach to risk management, says Steve Durbin, global vice president of the Information Security Forum (ISF).

"While we're now emerging from the economic downturn, certainly here in the U.S. at least, there has been reduced investment across the enterprise and in information security in particular," Durbin says. "Enterprises are now playing catch up. Cybercrime, the malspace, those guys didn't suffer from the downturn."

"While individual threats will continue to pose a risk, there is even more danger when they combine, such as when organized criminals adopt techniques developed by online activists," he adds. "Traditional risk management is insufficiently agile to deal with the potential impacts from activity in cyberspace. While executives recognize the benefits and opportunities cyberspace offers, their organizations must extend risk management to become more resilient, based on a foundation of preparedness."