Outsourcing IT Systems & Data Management Can Be A False Economy
In today’s interconnected digital world, organisations in both the private and public sectors often rely on outside providers to fulfill their cyber and IT supply chain needs. This can be for software, information technologies, services and other cyber systems.
Clearly, there are significant reductions in costs when outsourcing is adopted; however, the cyber risks need to be considered, as well as whether they can be mitigated and at what cost.
Because the main motivation for outsourcing is cost reduction and specialised expertise for lower-value or peripheral functions, there is an increased risk that an enterprise’s capabilities might be exceeded by one or more of its providers in a data and intelligence driven world.
With more businesses becoming digital and moving to the cloud environment, the effects of a cyber security event are amplified. Threat actors are now targeting cyber-mature organisations through third-party suppliers to take advantage of this weakness.
Organisations cannot fairly assess and secure the whole landscape of their potential exposure, because the field extends beyond their own infrastructure to encompass parts of their suppliers’ chains, which are in turn linked to other suppliers’ chains.
It is increasingly hard for companies to disassociate themselves from the digitised supply chain ecosystem.
What might have started as an effective and efficient business arrangement can easily turn into an unhealthy dependency.
This can threaten competitive advantages and strategic plans at the business level and, far more critically, at the cyber security level, where it can extend to personal data loss, financial loss, and compromise of product integrity or safety.
CISA & FBI Recommend Affected MSP Customers Take Action
In the US, both CISA and the FBI recommend that MSP customers affected by this attack take immediate action to implement the following cyber security best practices. These include:
- Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organisational network.
- Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available.
- Implement multi-factor authentication.
Your organisation should urgently consider how to best manage the outsourced client-provider cyber security risks by establishing a client-provider trust approach, based on either the transparency-based view, the decision-theoretic view, or the market-based view.