Is this industrial unrest the next big security threat?

Security vendors can write some real guff when offering commentary on security threats. Just this week I’ve read articles ‘written’ by senior staff from various security vendors offering thoughts, views and advice on how to secure systems. If I was being charitable, most of them are rehashes of previous articles, and common sense dressed up with a bit of jargon. Insider threat, APT, emerging threat vectors and the like litter the page with an embarrassment of clichés.

And yet it’s clear that there really is a new threat emerging, and that is industrial unrest. Today’s announcement of a vote by Fujitsu staff on strike action follows various bouts of IR (industrial relations) fisticuffs at Shropshire and Southampton Councils over the summer.

Ignoring the reasons why, having IT staff out on strike means systems will at best be run by skeleton crews. These crews will naturally try and keep stuff in the land of the living, primarily because the SIs get walloped with service degradation penalties if they don’t, but also because it’s politically expedient to show the strikes are having no effect.

The problem is that InfoSec may take a back seat, which is precisely where I believe it shouldn’t be. Even at its most mundane, we are seeing between 150 and 160 thousand new malware samples a day right now, and systems need to be kept in tip-top condition in order to just stay running. QA processes may go out of the window internally, patching may fall behind schedule, and slowly an organisation can get exposed. You can automate many things, but risk will inevitably increase if IT staff go out on strike.

I don’t have a pithy or illuminating solution here, just an observation that in infosec terms, we are a symbiotic community that needs everyone to stay on their game. As the situation unfolds, CISOs and CIOs need to ensure that security doesn’t take a back seat or the effects will be severe and far reaching.

About Graeme Stewart, McAfee

I work for McAfee as Director of Public Sector Strategy and Relations, UK&I