Finance and Commerce Magazine published an article based on a survey revealing that most companies are unprepared for IT risks.

*blink*

What? You mean that with all the emphasis we put on it, and all the spending after some of the biggest breaches in history, we’re still not ready? This is not coming from the consultant who sees this stuff every day, this is coming from people working for these unprepared companies.

With the economic situation as it is, will your own employees finally turn on you and take advantage of weak security controls in your network?

This may be an unpopular position, but while the risk is definitely much higher for insider threat, it doesn’t seem to make the news as much as the external breaches do. Maybe it is because most of the employees that are in a position to take advantage of something like that have too much to lose by committing such a crime.

This blogger is not sure.

Maybe things will get nasty for those companies who have ignored good security with employees facing the threat of an imminent layoff or being financially overextended. I would suggest there is a better chance of a hacker using an employee to exploit these poor controls, probably without them knowing it is happening.

Be it through phishing, social engineering, or just the right place at the right time, appropriate motivation may end up costing companies and their customers big dollars in 2009.

This post originally appeared on BrandenWilliams.com.