Outsourcing IT Systems & Data Management Can Be A False Economy

In today’s interconnected digital world, organisations in both the private and public sectors often rely on outside providers to fulfil their cyber and IT supply chain needs. This can be for software, information technologies, services and other cyber systems.

Clearly, there are significant reductions in costs when outsourcing is adopted. However, the cyber risks need to be considered, as well as whether they can be mitigated and at what cost.

Because the main motivation for outsourcing is cost reduction and specialised expertise in lower-value or peripheral functions, there is an increased risk that an enterprise’s capabilities might be exceeded by one or more of its providers in a data and intelligence driven world.

With more businesses becoming digital and moving to the cloud, the effects of a cyber security event are amplified. Threat actors are now targeting cyber-mature organisations through third-party suppliers to take advantage of this weakness.

Organisations cannot fairly assess and secure their whole exposure, because it extends beyond their own infrastructure to encompass parts of their suppliers’ chains, which are in turn linked to other suppliers’ chains.
It is increasingly hard for companies to disassociate themselves from the digitised supply chain ecosystem.

What might have started as an effective and efficient business arrangement can easily turn into an unhealthy dependency.

This can threaten competitive advantages and strategic plans at the business level and, far more critically, at the cyber security level it can extend to personal data loss, financial loss, and compromise of product integrity or safety.

CISA & FBI Recommend Affected MSP Customers Take Action

In the US both CISA and the FBI recommend MSP customers affected by this attack take immediate action to implement the following cyber security best practices. These include: 

  • Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organisational network.
  • Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available.
  • Implement multi-factor authentication.

Your organisation should urgently consider how to best manage the outsourced client-provider cyber security risks by establishing a client-provider trust approach, based on either the transparency-based view, the decision-theoretic view, or the market-based view.

