Information security expert Jo Stewart-Rattray warns that Australian businesses confront an invisible security threat from the uncertainty created by fallout from the Global Financial Crisis (GFC).

Job insecurity, social networks and increasingly shrewd cybercriminals are creating an environment in which organisations ignore a strategic approach to information security at their peril.

Ms. Stewart-Rattray, Director of Information Security for national accounting and business advisory firm RSM Bird Cameron, said organisations had taken their “eyes off the security ball” during the past year. “During the GFC, security became a discretionary spend,” she said.

“Organisations put the brakes on their spending for a while and then they took them off again, which made for a very jerky ride. This has caused a significant disruption in staff, strategy and operational activities in maintaining and improving the information security of our organisations. As a result, I think there’s a whole lot of risk bubbling under the surface that people are not aware of.

“There is more reason for concern now as a lot of the risk has become invisible. People think ‘we know about that’, but all the vulnerabilities are still there. Now we have to get ready for the next phase. The problem is that the bad guys did not back off due to the GFC.”

As well as her role with RSM Bird Cameron, Ms. Stewart-Rattray is a director of ISACA – a non-profit, independent IT governance, assurance and security association with more than 86,000 members in 160 countries.  She holds numerous information security credentials which make her one of the best-recognised risk management professionals in Australia.

Ms. Stewart-Rattray said concerns about employment presented a significant challenge. “We’re not out of the woods yet,” she said. “There remains a widespread concern about a W-shaped economic downturn – where the current ‘green shoots’ are killed off by another bout of negative financial results – so people are holding their collective breaths for a second wave of bad news.

“Uncertainty breeds insecurity. Although the worst of the GFC may have passed, people are still not sure of the security of their jobs, so they might hang on to a bit of information in case it comes in useful in the future. That attitude presents a serious, albeit unrealised, threat to any organisation.”

Ms. Stewart-Rattray said organisations needed to recognise that information security was about much more than just defending their perimeters. “Malware is a real issue, not just viruses,” she said.

“It is not enough to have anti-virus software and a firewall. As well as the challenges of the old chestnuts, such as the risks created by removable media, we have new challenges including vulnerabilities created by easy access to social media such as Facebook and Twitter.

“There is a great desire today to communicate by the electronic Mojo wire, but if you tell the world everything, it will come back to haunt you. For businesses, social media can create a gaping hole in their information security structure, not through intentional action, but by piecemeal leaking of corporate data – one jigsaw piece at a time.

“Just as social networks are sieved for pieces of identity data to assemble a fraudulent identity, they can be sieved for bits of corporate data that can be pieced together to tell a larger story.

“Security-smart organisations are increasingly utilising the principle of least privilege, where employees only get access to what they need to do their jobs. As awareness grows of this model, organisations recognise the need for a ‘trackable’ system where your movements through a corporate network are recognised and recorded as part of a standard security structure.”        

About RSM Bird Cameron

RSM Bird Cameron offers a full range of services that go beyond their core strengths of taxation and business services to extend to a range of specialist corporate advisory services including: Assurance and advisory, taxation consulting, corporate consulting and business investigation and recovery.

Over the past 80 years, the firm has grown to cover strategic regional centres as well as major cities across Australia with 28 offices nationwide. Based on a culture of teamwork they serve a client base comprising large corporations, SMEs and government agencies across a diverse range of industry groups. RSM Bird Cameron is a core member firm of RSM International, the sixth largest accounting and consulting organisation in the world.                              

For more information

Jo Stewart-Rattray
Director of Information Security
RSM Bird Cameron
Tel: 08 8232 3000

For media assistance, call John Harris at Impress Media Australia on 08 8431 4000 or email This e-mail address is being protected from spambots. You need JavaScript enabled to view it .'; document.write( '' ); document.write( addy_text39943 ); document.write( '<\/a>' ); //-->\n This e-mail address is being protected from spambots. You need JavaScript enabled to view it