Regulation helps mitigate these threats, says GoldSchmidt, but he adds regulation alone is not enough. "We're a fairly regulated environment, but for example the financial sector is far more regulated than the retail sector. So they would be much more vigilant than the retailers would be."
A typical project sees Sense of Security's technical consultants assess a client's situation, determine whether their controls are adequate or deficient, and advise on rectifying problems.
For this service provider, products are viewed only as ways to fulfil the needs of the company's consulting service.
Sense of Security's website shows no signs of products or vendor partners, a strategy that ensures independent IT security and risk management advice, says GoldSchmidt.
"The difference between just selling products and providing a consulting based approach is that just selling a product detracts from the independence or the expertise that is required to determine what is required in the first place.
"We provide consulting services on the back of wanting to sell products or wanting to supplement it as a product. Products come as a byproduct of providing expert consulting services."
GoldSchmidt believes this so strongly that he declined to name the company's vendor partners.
Sense of Security offers a variety of services around assessment and assurance, strategy and architecture, deployment and ongoing management for its broad range of government, business and not-for-profit customers.
Additionally, some of the work the consultancy does is around general security best practice. Other work includes regulation and risk management advice.
"Sometimes businesses are concerned that they might not be deploying or implementing their systems securely and they want an independent third party to validate it for them.
"A lot of organisations come to us [for] assessment services for online applications where people are doing some sort of online, transaction-based activity," says GoldSchmidt.
"Companies that might have online shopping applications have an obligation to comply with PCI DSS. We can assess them to be in line with their obligations for that standard."
Sense of Security also advises its clients on internal procedures for multinational organisations that require internal standards in their branch offices. These are mostly US-based companies that require their Australian branch to demonstrate compliance with their technical procedures.
"We validate those and provide a report whether they are compliant or not compliant," says GoldSchmidt.
For Sense of Security the size of the client is irrelevant; it's more about the customer's requirement for information security, says GoldSchmidt.
"You might have a smaller organisation that plays in a big space. For example, we work with payment gateway service providers, which are highly automated systems that transact millions of credit card transactions. But the size of the organisation may not be substantial. Or it could be a big company such as a bank with 10,000 employees," he says.
This year business is strong despite the downturn. In fact, the economic conditions have helped improve the company's revenues for a number of reasons.
Firstly, according to GoldSchmidt, staff who are disgruntled or retrenched as a result of company downsizing can create an insider threat, which is elevated in times of economic downturn.
So, to protect the integrity of their brand, organisations need to address security threats from the inside as well as the outside, explains GoldSchmidt.
Secondly, organisations might become the focus of a targeted attack that is intended to discredit that organisation in the industry or to tarnish their brand.
"Businesses need to be more vigilant," says GoldSchmidt.
Additionally, in these times organisations look for the least expensive option or a managed service option that has minimal overheads.
"They may choose to strike a strategic alliance with an organisation specifically on doing this. There is a lot of increase in companies wanting someone to look after them on an ongoing basis," says GoldSchmidt.