Outsourcing IT Systems & Data Management Can Be A False Economy

In today’s interconnected digital world, organisations in both the private and public sectors often rely on outside providers to fulfill their cyber and IT supply chain needs. This can be for software, information technologies, services and other cyber systems.

Clearly, there are significant reductions in costs when outsourcing is adopted. However, the cyber risks need to be considered, as well as whether they can be mitigated and at what cost.

With the main motivation for outsourcing being cost reduction and specialised expertise in lower-value or peripheral functions, there is an increased risk that an enterprise’s capabilities might be exceeded by one or more of its providers in a data and intelligence driven world.

With more businesses becoming digital and moving their operations to the cloud environment, the effects of a cyber security event are amplified. Threat actors are now targeting cyber-mature organisations through third-party suppliers to take advantage of this weakness.

Organisations cannot fairly assess and secure the whole landscape of their exposure potential as the field extends beyond their infrastructure to encompass part of the suppliers’ chains linked to other suppliers’ chains.
It is increasingly hard for companies to disassociate themselves from the digitised supply chain ecosystem.

What might have started as an effective and efficient business arrangement can easily turn into an unhealthy dependency.

This can threaten competitive advantages and strategic plans at the business level and, far more critically, at the cyber security level it can extend to personal data loss, financial loss, and compromise of product integrity or safety.

CISA & FBI Recommend Affected MSP Customers Take Action

In the US both CISA and the FBI recommend MSP customers affected by this attack take immediate action to implement the following cyber security best practices. These include: 

  • Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organisational network.
  • Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available.
  • Implement multi-factor authentication.

Your organisation should urgently consider how to best manage the outsourced client-provider cyber security risks by establishing a client-provider trust approach, based on either the transparency-based view, the decision-theoretic view, or the market-based view.

Sources: CISA; Micheline Al Harrack; Antonio Drommi; McKinsey; Emerald Insight; NetCov
