Outsourcing IT Systems & Data Management Can Be A False Economy

In today’s interconnected digital world, organisations in both the private and public sectors often rely on outside providers to fulfil their cyber and IT supply chain needs. This can be for software, information technologies, services and other cyber systems.

Clearly, outsourcing brings significant cost reductions. However, the cyber risks also need to be considered, along with whether they can be mitigated and at what cost.

Because the main motivations for outsourcing are cost reduction and specialised expertise for lower-value or peripheral functions, there is an increased risk that an enterprise’s capabilities might be exceeded by one or more of its providers in a data- and intelligence-driven world.

With more businesses becoming digital and moving to the cloud, the effects of a cyber security event are amplified. Threat actors are now targeting cyber-mature organisations through third-party suppliers to take advantage of this weakness.

Organisations cannot fairly assess and secure their whole potential exposure, because it extends beyond their own infrastructure to encompass parts of their suppliers’ chains, which are in turn linked to other suppliers’ chains.
It is increasingly hard for companies to disassociate themselves from the digitised supply chain ecosystem.

What might have started as an effective and efficient business arrangement can easily turn into an unhealthy dependency.

This can threaten competitive advantages and strategic plans at the business level and, far more critically, at the cyber security level it can extend to personal data loss, financial loss, and compromise of product integrity or safety.

CISA & FBI Recommend Affected MSP Customers Take Action

In the US both CISA and the FBI recommend MSP customers affected by this attack take immediate action to implement the following cyber security best practices. These include: 

  • Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organisational network.
  • Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available.
  • Implement multi-factor authentication.

Your organisation should urgently consider how to best manage the outsourced client-provider cyber security risks by establishing a client-provider trust approach, based on either the transparency-based view, the decision-theoretic view, or the market-based view.

