Outsourcing IT Systems & Data Management Can Be A False Economy

Uploaded on 2022-11-26 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In today’s interconnected digital world, organisations in both in the private and public sectors, often rely on outside providers to fulfill their cyber and IT supply chain needs. This can be for software, information technologies, services and other cyber systems.

Clearly, there are significant reductions in costs when outsourcing is adopted however, the cyber risks need to be considered as well as if they can be mitigated and at what cost.

As the main motivation for out sourcing being cost reduction and specialised expertise at lower-value or peripheral functions, there is an increased risk that an enterprise’s capabilities might be exceeded by one or more of its providers in a data and intelligence driven world. 

With more businesses becoming digital and moving their businesses to the cloud environment, the effects of a cyber security event are enhanced. Now threat actors are targeting cyber mature organisations through third-party suppliers to take advantage of this weakness.

Organisations cannot fairly assess and secure the whole landscape of their exposure potential as the field extends beyond their infrastructure to encompass part of the suppliers’ chains linked to other suppliers’ chains.
It is increasingly hard for companies to disassociate themselves from the digitised supply chain ecosystem.

What might have started as business effective and efficient arrangement can easily turn into an unhealthy dependency.

This can threatens competitive advantages and strategic plans on the business level and far more critical on the cyber security level to extend to personal data loss, financial loss, compromise of product integrity or safety.

CISA & FBI Recommend Affected MSP Customers Take Action

In the US both CISA and the FBI recommend MSP customers affected by this attack take immediate action to implement the following cyber security best practices. These include: 

  • Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organisational network.
  • Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available.
  • Implement multi-factor authentication.

Your organisation should urgently consider how to best manage the outsourced client-provider cyber security risks by establishing a client-provider trust approach, based on either the transparency-based view, the decision-theoretic view, or the market-based view.

 CISA:    Micheline Al Harrack:     Antonio Drommi:     Mckinsey:     Emerald Insight:   NetCov:  

You Might Also Read: 

The Cyber Security Risks Of Outsourcing:

 

« Smartphones Are More Vulnerable Than You Think
Twitter's Blue Tick Used To Promote Fake Accounts »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jones Day

Jones Day

Jones Day is an international law firm based in the United States. Practice areas include Cybersecurity, Privacy & Data Protection.

Cyber Data-Risk Managers

Cyber Data-Risk Managers

Cyber Data-Risk Managers Pty Ltd is an insurance broker based in Melbourne, Australia specializing in Cyber insurance / Data breach insurance.

PETRAS IoT Hub

PETRAS IoT Hub

PETRAS is a consortium of 12 research institutions and the world’s largest socio-technical research centre focused on the future implementation of the IoT.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

Hyperion Gray

Hyperion Gray

Hyperion Gray are a small research and development team focused on innovative work in a variety of areas including Software & Security Research, Penetration Testing, Incident Response, and Red Teaming

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

Cyber Risk International

Cyber Risk International

Cyber Risk International offer CyberPrism, a B2B SaaS solution that empowers businesses to perform a self-assessment of their cyber security program.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.

Redcoat AI

Redcoat AI

Redcoat AI provide a comprehensive security platform that continuously evolves with the threats and opportunities presented by AI.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.

Messer Studios

Messer Studios

The most popular source for free CompTIA A+, Network+, and Security+ training - Professor Messer!

Cyber Cops

Cyber Cops

Cyber Cops is a premium cybersecurity company committed to safeguarding your most valuable data.