Experts warn of e-commerce meltdown as threats increase

New research presents a bleak picture of the threats facing global companies

Two-thirds of security and risk professionals believe that the recession will drive IT professionals out of work and into the online criminal fraternity, according to new research published at the annual e-Crime Congress.

The study by KPMG interviewed over 300 professionals from global enterprises, law enforcement agencies and government departments.

The results paint a bleak picture of the current threat landscape. Some 41 per cent of respondents reported an increase in the sophistication of threats, and half said that their organisation is not sufficiently protected against malware.

Presenting the research, KPMG partner Malcolm Marshall warned of a " potential meltdown in the way we do e-business".

"If the threats continue to become more sophisticated and targeted, and solution providers and e-business providers do not respond, it is possible we could face the equivalent of a credit crunch," he said.

Rick Howard, director of intelligence at managed security service provider iDefense, agreed that firms need to be alive to the more social threats created by a global financial crisis.

"It would not be surprising if some in the industry hit by redundancy saw the amount of money to be made by cyber criminality and became attracted to the high-risk, high-reward opportunities that cyber crime presents," he added.

"It is essential for organisations to scrutinise their security policies more than ever in this current economic climate, and ensure company borders are absolutely secure to every kind of threat."

In addition to fears that out-of-work IT professionals could be tempted to provide services to anyone for the right price, the research pointed to rising risks from non-IT staff.

Sixty-four per cent of respondents indicated that their greatest fear in the current climate is theft of customer or employee data by insiders or ex-employees.

KPMG said that key to reducing these risks are policies which include the immediate deprovisioning of access rights so that ex-employees are not able to access corporate systems, and ongoing log and user activity monitoring.