Sunday, May 24, 2015

Outsourcing/Offshoring and Cyber Threat - Why and How?

Outsourcing/Offshoring are solutions for lot of issues that businesses face, for example: - Cheaper human resources, - Infrastructure convenience, - Knowledge & skills and - Higher growth potential of businesses. By outsourcing the day to day back-office tasks, the business owner has more time to focus on generating income. However, taking into consideration today’s cyber threats, if cyber security standards are not uniformly upheld by the third party, the outsourcing/offshoring of business processes and supply does not come without risks. Risks of: - Identity theft, - Loss or destruction of sensible information and intellectual property, - Unauthorized access to the network service, - Infection with malicious code etc. Moreover, key risk that many businesses face when outsourcing/offshoring is that they themselves are not aware of what controls and policies should be adhered to by the third party. The real question ponder upon is: - Are financial saving the sole aim of outsourcing or has cyber security been factored into the third party considerations? - Even if cyber security has been taken into account, is it purely from a technical perspective, or has the effect on the overall business value chain been considered?

Outsourcing/offshoring are the realities of today’s businesses and it is essential for the decision makers to do the diligence in terms of risk assessment. Remember, there is always an answer to a problem, and threats to cyber security from outsourcing/offshoring can also be reduced, if not fully mitigated, by implementing various countermeasures. So what is the answer to the Cyber Security risk posed by Outsourcing/Offshoring? - Implement cyber security policies, procedures and guidelines for outsourcing / offshoring arrangements in accordance with the industry best practices i.e. NIST Cyber Security Frameworks, ISO 27K series and also includes risk assessment, threat profiling with respect to vendor / geographical locations respectively. - Ensure to contractually embed the necessary information security, business continuity and privacy controls to ensure continued compliance with internal policy and regulatory burdens. - Consider non-sensitive operational areas to be outsourced/offshored. Don't outsource something just because you don't want to do it. Sometimes there are things you don't want to do but they are important to your core business." Even experienced optimists accept that an information security incident is inevitable as 100% security is unachievable and there is no silver bullet; recognition of a long-term risk based approach is necessary. An example of outsourcing might be the IT support for your network. You may not be able to afford or need a full-time IT person, and it is easier to change to an outsourced provider with the right skill set as your IT needs change.
at
Labels: , , , ,

9 comments:

  1. UnknownOctober 28, 2016 at 2:29 AM

    RPO Services arranges it’s Technical Expertise to scrap data and CVs from multiple Job Boards networking sites. Data sourcing services is one of the demanding services in service delivery domain.
    visit: www.rposervies.com

    ReplyDelete
  2. Begum RumaJune 4, 2017 at 12:05 PM

    If you are planning to outsource somebody for your blog, might as well get the whole package. There are outsourcing firms out there that specializes in Internet marketing that you can take advantage of.Online lead generation

    ReplyDelete
  3. UnknownApril 6, 2018 at 5:16 AM


    It is really a great and useful piece of info. I’m glad that you shared this helpful info with us. Please keep us informed like this. Thank you for sharing.

    Information Outsource

    ReplyDelete
  4. techhighwayMarch 7, 2019 at 2:47 AM

    This is my first time i visit here. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work.
    software maintenance company pune

    ReplyDelete
  5. john sethJuly 26, 2019 at 9:43 PM

    Very Good contentcustom software development company

    ReplyDelete
  6. BizWizJanuary 17, 2023 at 6:12 PM

    Well explained. Thanks for sharing. Offshoring / outsourcing really evolves fast.. Now they are also putting AI ( Artificial Intelligence)
    I saw this interesting article Offshoring’s Applications of Artificial Intelligence https://isupportworldwide.com/innovative-applications-of-artificial-intelligence-in-offshoring/

    ReplyDelete
    Replies
    1. AnonymousJanuary 17, 2023 at 9:19 PM

      I came across to your shared link... and it is quite informative... with regards to this topic I saw interesting.
      https://isupportworldwide.com/a-guide-to-data-breach-prevention/

      Delete
  7. AdminJune 29, 2023 at 1:22 AM

    Outsourcing and offshoring are business strategies that involve the delegation of specific tasks, processes, or functions to external parties, often located in different countries. While these terms are closely related, there are some differences between them: Technical support outsourcing

    ReplyDelete
  8. Ashish SahOctober 10, 2024 at 5:27 AM

    Outsourcing can be a great solution for businesses to cut costs and focus on core tasks, especially through IT outsourcing services and an offshore development centre. However, cyber security risks must be considered. Implementing strong security policies, using industry standards like NIST, and contracting the right controls can help protect against threats like data breaches and unauthorized access.






    ReplyDelete

Subscribe to: Post Comments (Atom)