To what extent shoud you change course in response to this recession?
Well, April Fools’ Day has come and gone, and with no end in sight, it’s clear that this downturn is no joke. For security professionals, tight economic times carry something of a one-two punch—their departments typically get hit with budget restrictions, if not outright cuts, while layoffs and financial struggles tend to increase the problems security is charged with combating.
That grim prognosis is borne out by the 2009 ASIS survey Impacts of the Current Economic Environment on Security. Among participating members of the ASIS Chief Security Officer Roundtable, 35 percent say they have seen an increase in crime and theft, 13 percent have seen workplace violence go up, and 9 percent have seen a rise in theft of intellectual property, to name just a few of the concerns. At the same time, 42 percent say security budgets have been cut, 31 percent have had to lay off security staff, and 66 percent now have a freeze on new hires.
For those who head up a security department, what’s the best way to navigate these rough waters? While it may seem counterintuitive, you should not feel compelled to change direction. If you’ve paid attention to what top security professionals have advised in these pages for the last decade or so, you are already on the right trajectory. You may have to trim the sails, but otherwise just continue to align security with business objectives, properly assess and prioritize risks, work with internal stakeholders to make sure that security is embedded in business budgets and processes, and make the most efficient use possible of personnel and technology.
A new report from encryption and network security company RSA offers virtually identical advice to managers of information security regarding the best course of action in this recession. Called Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy, the report (which you can link to via www.securitymanagement.com ) drove home to me how similar the roles, responsibilities, and challenges of IT/logical and physical/operational security professionals really are. That’s why convergence—this month’s special focus (page 80)—makes sense not only from an economic standpoint but from a philosophical one as well.
If you are a security professional who owns a company, rather than one managing a corporate department, consider the advice of successful CEOs, such as Amazon.com Inc.’s Jeff Bezos and Cisco Systems, Inc.’s John Chambers, both of whom emphasize the long term. In an interview with Nightly Business Report, Chambers noted, “We’ve been through this four times before, in ’93, ’97, 2001, and 2003. Each time we’ve gained market share…. So we’re going to be very aggressive through this downturn.” He says the key is not to lose sleep over what you can’t control; instead, focus on what you can achieve, on opportunities, and on where you want to be five years out.