CEOs and CIOs might not know it yet, but there is a security squall headed right in their direction. Over here at Lumension, we’re referring to it as the “Perfect Storm” because, like the 2000 movie, this one is brewing on three fronts that are converging to a tempest the likes of which most of us in the tech world haven’t really seen in the past.

We see it like this. First of all, businesses are cutting back considerably to batten down the hatches and weather the current dismal economy. In many cases this means deep cuts to IT security resources and assets. In and of itself, these cuts would be bad enough, but there are also two other factors to contend with. One is the fact that the bad guys know we’re making cuts and they are increasing their efforts to steal our information without anyone detecting them. They’re upping their game.

Don’t believe it? Just look at this little fact—for every big downturn in the Dow in 2008 security researchers saw a huge upswing in malware. Take September 14th, for example, when the Dow dipped 5.5 percent and we in the security world saw the number of malware instances shoot up from its average of 8,200 detects per day up to 32,000 detects. The bad guys are thriving on chaos, attacking when  they know we’ll all be distracted.

The final front that is converging is the fact that as businesses make cuts, they’re dealing with heightened insider threats stemming from layoffs. Disgruntled employees can be a big risk factor on their way out the door if they aren’t properly monitored and controlled.  What’s more surprising is that in a recent survey of 600 workers, 71 percent admitted they would steal data if they were fired suddenly.  The respondents said they would take the data to their next employer o ruse it as a negotiating tool with their current bosses. 

The scariest part of this whole Perfect Storm scenario is the fact that many C-suite executives aren’t even aware that it is about to hit because of uneven information flow. A recent survey we conducted found that when we asked IT security folks and IT operations folks whether they’d experienced a security incident in the last year, we got vastly different answers. Ninety-two percent of IT Security folks said they experienced a cyber security attack while only 55% said of the IT Operations folks experienced it.  Especially given the current budget pressures, CIOs must first get their houses in order in order to safely navigate around this perfect storm, providing reliable threat information to the upper level executives who hold the purse strings, before they can ever expect to see the financial pressure loosened to deal with the forces at hand.  I’ve outlined key steps C-level executives and IT leaders can do to optimize security given the budget constraints.