The state of information security
Written by Dan Blacharski on October 22, 2008
CSO’s annual “Global State of Information Security” survey brings to light a few of the failures of how people approach information security, and in particular, focuses on the current economic crisis and the impact that it is having on security technology.
Anecdotally, a quick review of the news headlines would indicate that high-profile attacks are on the rise; in particular, email-based attacks are causing serious damage. Whilst one headline proclaims that the infamous “Storm” worm is dead, another proclaims that the Warezov botnet is back in business and going full-force. And while businesses may be feeling the pinch and be inclined to spend less on security, the people doing the attacking are not vulnerable to the economic crisis. In fact, if anything, there are more of them than before. Poverty and desperate circumstances tend to breed crime. And just as I’m seeing more gas station and convenience store robberies in my town, I’m seeing more cybercrime in the virtual world as well.
The CSO survey asked over 7,000 executives about their security woes. The survey notes that email scams are still prevalent, despite continued use of technology. The best approach here operates on two different levels. Email security is, of course, essential, but creating an environment of “self-defense” is also important. It continues to amaze me that people still fall for the same tired, old scams, but they do. And what’s more shocking is that many of the victims should have known better. The thing is, these email scams tend to evolve and change over time, and while issuing warnings about specific phishing scams going around is good, it would be better to take a higher-level view and teach employees more about what to look out for in general: not to click on URLs in emails, to be suspicious of attachments, and never to give private data such as account numbers in response to an email. On the bright side, the survey showed that 54 percent of respondents provide this sort of awareness training, as compared to 42 percent last year.


