Canadian Cyber Security Journal
SOCIAL:
Filed under: Trends

Cybersecurity Worries Bleed into Outsourcing Universe

Cybersecurity has always been a relevant topic to outsourcers and the Nearshore at large. By its nature, companies in the industry employ the services of a wide network of third party providers, stretched broadly across geographies and segments.

While only those in the industry may be familiar with the issue of concentration risk that many experts are now cautioning against, anybody who has glanced at their cellphone or turned on television news over the pandemic period has seen the rise of cyberattacks in the digital space.

But for company bosses worried about their company’s cybersecurity exposure, Christos Kalantzis, Chief Technology Officer at SecurityScorecard, a leading cybersecurity risk monitor and rater used by vendor managers to assess third-party risk, has some good news.

“Hackers are innately lazy and will move onto the next target if the barrier to entry is too high,” he told Nearshore Americas recently.

For that reason, it’s vital that Nearshore companies perform simple steps to protect their digital footprint.

Intrusions Escalate

Even before locks, hacks had hit some of outsourcings biggest names. In 2019, Indian outsource giant Wipro was hit by attackers who “were able to install remote access tools and get into the network of Wipro’s clients,” reported the Identity Management Institute (IMI). Aside from damage to its reputation and probable financial cost and/or penalties, the hack also cost the company a planned contract with the State of Nebraska to help upgrade its Medicaid enrolment system, said IMI.

KrebsOnSecurity, an IT security industry news portal, reported that the same phishing campaign that hit Wipro targeted some of its well-known competitors, including Infosys and Cognizant.

Phishing, a form of fraud by which intruders send emails purporting to be from genuine companies or individuals to introduce malware into a system or pursued a recipient to give up personal information, has become a rich vein for hackers to tap during work from home. In March 2020 as workforces made a wholesale adaption to fully-digital communication, there was a whopping 2,000% increase in malicious files that had “Zoom” in their name, while spear-phishing (email scams targeted at one specific or business) jumped 667%, according to Barracuda.

With such a jump in numbers, cybersecurity is difficult to guarantee. Even with companies extending the reach of their PCI compliance strategies into the home environment, few IT securities are ever completely secure.

Even simple errors can be costly; the Colonial Pipeline hack that paralysed the fuel supply of large parts of the US’ East Coast in May was caused by hackers stealing a single password.

Cybersecurity in a Changing Landscape

According to Kalantzis, the cybersecurity landscape is changing. While the arrival of Covid-19 did accelerate corporate progress in digital transformation, the world was already heading along the path towards greater digital reliance. This has reshaped how we think about tech, Kalantiz argues.

“We used to think ransomware attacks targeted tech companies. But now, every company is a tech company. Every company has a component that is tech-based. That may be e-commerce or electronic data interchange. This is today’s reality,” he said.

While full suite security standards can price smaller Nearshore companies out of the market, there are simply steps that help dissuade hackers from attempting to do damage to a company’s IT systems. Because hackers usually send out ‘waves’ of attacks to gauge which systems are vulnerable and therefore worthy of persistent effort, companies should raise their cybersecurity standards to put them out of harms way, says Kalantzis. Hackers don’t want to be made to work hard.

They know there is a whole sea of low barrier targets so they need not waste time and effort on one particular company. This is why the recommendations we provide are important,” said Kalantzis.

Enjoy this article? Don’t forget to share.