Enterprise Management Associates (EMA), an information technology (IT) management research and consulting firm has released an advisory note, “What the Economic Crisis Means for IT Security and Risk Management.” In it, EMA research director Scott Crawford highlights the impact of the current status of the financial industry and its implications for the management of security and risk in IT.

“Clearly, the fallout from this crisis poses serious issues for IT security and risk management. Professionals in these fields should be thinking seriously about what they may be facing as a result,” Crawford said. “They also must understand how this crisis came about in order to be prepared for what will follow, as well as what it says about the mindset of the business when it comes to managing risk in any respect.”

In the advisory note, Crawford said opportunistic attackers will take advantage of the crisis, ranging from phishing schemes that target desperate individuals seeking debt relief to retaliatory attacks launched in frustration and resentment against financial businesses. Increased merger and acquisition activity will complicate security and risk management. As former financial services competitors take over one another in a wave of mergers and acquisitions, IT as well as security teams on both sides of a deal will find it a challenge to safely integrate a formerly foreign environment. According to Crawford, businesses should look to the security and risk management values of every management tool and technique in the enterprise.

Crawford predicts financial woes will increase the value of security as a service as moves and consolidations present new opportunities. Crawford said service-oriented approaches offer ways to keep up with the threat while getting a handle on the investment.

“The greatest concern the financial crisis creates for IT security and risk professionals lies in the roots of the mess itself,” Crawford said. “Just as with illusory lending, however, we now have abundant evidence of the impact of poorly managed risk that should motivate us to do better.”