
Third party guidelines triple chances of receiving compensation after attacks - survey

A new survey from Kaspersky has revealed the importance of dedicated policies and protocols for third party contractors working with IT companies.

According to the research, of the organisations surveyed which did not have specific data usage guidelines for partners and subcontractors, only 22% received compensation after a supply-chain attack, or an incident that affected suppliers they share information with.

In comparison, 71% of enterprises of the same size which did have regulations in place reported receiving compensation.

According to Gartner research, the same percentage (71%) of organisations have more third parties in their network than they had three years ago, and the same proportion expect this number to grow in the next three years.

In order for subcontractors to fulfil their work obligations, companies often allow them access to their sensitive data and IT assets.

Kaspersky's IT Security Economics report revealed that 79% of enterprises have special policies in place explaining to partners and suppliers how to work with shared resources and data, as well as any penalties they may incur. 

According to the survey, damage from incidents is estimated to cost US$2.57 million on average, with data breaches among the three costliest problems faced by enterprises. 

Kaspersky researchers also discovered a number of sophisticated supply chain attacks including ShadowPad.

One of the main benefits of implementing third party policies is that they solve issues around accountability by defining the areas of responsibility for both organisations involved. 

Consequently, such policies increase the chances that a company will get compensation from a supplier that becomes an entry point for an attack.

Policies boost the likelihood of compensation amongst small and medium-sized businesses (SMBs) as well. For instance, 68% of SMBs with policies received money, compared to only 28% of those who didn’t implement rules for their subcontractors.

The survey did not indicate whether data breach policies make supply chain attacks any less frequent. 

Almost a quarter (24%) of enterprises that implemented special IT policies for third parties experienced a data breach because of a cybersecurity incident affecting suppliers, and only 9% of companies without such rules confirmed that they had suffered an attack.

“The results of our survey may seem rather paradoxical with enterprises with special policies saying they have experienced supply chain attacks more often,” says Kaspersky head of B2B product marketing Sergey Martsynkyan.

“However, we can suggest that a business with a wider network of third party organisations will pay more attention to this area, which results in implementing specific guidelines,” says Martsynkyan.

“Nonetheless, a vast network of subcontractors may make such data breaches more likely. Besides, organisations with third party policies can more accurately determine the causes of a particular breach.”

To stay protected from supply chain attacks, Kaspersky recommends taking the following security measures:
 

  1. Regularly update your list of all partners and suppliers, as well as the data they can access. Ensure that they only have access to the resources they need to carry out their work. Confirm that organisations that don’t collaborate with your company are excluded and cannot access or use data and assets.

  2. Provide all third parties with the requirements they should follow, including compliance and security practices.