SME members, says Steve Durbin, VP sales and marketing, ISF, “are facing the same challenges as large organisations but without security departments. This is a very prevalent problem.”
The focus of the government membership offering is “on e-government and privacy. It’s important to ensure that government departments are able to continue processes in effective ways.”
The launch of these varying levels of membership, which happened three or four weeks ago, has received more interest and rapid response than any other initiative, says Durbin.
The SME membership offers the same levels of expertise and workshop access, but for a reduced fee. “More often than not, the main focus for SMEs is getting the day job done. The market conditions are tough and we just want to give them the opportunity to access the same advice and guidance”.
Information security concerns for SMEs
So what are the concerns currently affecting SMEs? “Third party relationships are a concern at the moment, and our members are very responsive to this. There is a large level of risk in supply chains and there should be a standard to address this. It’s a process that can’t be implemented overnight though”, he admits.
Smartphone security is another concern, says Durbin. “People come into the office after Christmas with iPhones that they expect to plug into the company network. People store their PINs on their mobile phones. We may not be talking about losing billions of pounds here, but we are looking at a significant impact for SMEs.
“Data loss is not trivial. Most people hold significant data on their smartphones and organisations are replacing laptops with phones, which are easier to crack”, says Durbin.
When asked about cloud computing, Durbin admits that he worries “intensely about the cloud. Some people, however, are more than happy to put everything in the cloud. I think it’s complacent. There are pitfalls we need to be aware of [with cloud computing] but until people fall into the hole, they’re not concerned”.
Hard times
When questioned on the impact of the recession on ISF members and the information security industry in general, Durbin remains realistic. “The last 12-18 months have been exceptionally tough, and that’s mainly because people forget that security requires constant maintenance.” The tendency, explains Durbin, “is to cut spending if there have been no problems”.
“We advise our members to keep threats at the forefront of discussion. Demonstrate the need for security”. While Durbin tells Infosecurity that organisations are starting to relax budgetary control, with money to spend again, he also warns that we’re not yet “out of hard times”.
Durbin believes that the industry is still focussed on achieving return on security investment, which he maintains is healthy. “If you can’t make a good case to show how security will give an organisation return on investment, then you don’t deserve the sale.”
Justifying ISF membership
Justifying the cost of ISF membership renewal is another piece of budget that many information security professionals have to fight for. “We tell our members to find imaginative ways of justifying it – to prove that there would be implications of not renewing it. We’re not about fear, uncertainty and doubt.”
So, what do ISF members get out of their membership? “There are workshops, chapter meetings, online forums, conferences, and the annual congress”, explains Durbin, who concludes that “networking is the most valuable part for our members.”
To learn more about the ISF, please visit their website.