No Compensation After a Cyberattack in the Absence of Third-party Policy

Security Brief | February 10, 2020

  • Kaspersky's report revealed that 71% of enterprises with a third party policy reported receiving monetary recompense after an incident, compared to only 22% who did not have regulations in place.

  • Damage from incidents is estimated to cost $2.57m on average, with data breaches among the three costliest problems faced by enterprises.

  • One of the main benefits of implementing third party policies is that they solve issues around accountability.


Kaspersky's IT Security Economics report surveyed almost 5,000 business decision-makers, who shared their thoughts on cybersecurity and their firms' attitudes toward cyberthreats.



The results emphasize the importance of dedicated policies and protocols for third-party contractors working with IT companies.



Does the concern make any sense?


According to Gartner's research, 71% of organizations have more third parties in their network than they had three years ago, and the same share expect this number to grow in the next three years. For subcontractors to fulfill their work obligations, companies often allow them access to sensitive data and IT assets.



Kaspersky's survey produced some surprising findings. Only 22% of organizations that do not have specific data usage guidelines for partners and subcontractors received compensation after a supply-chain attack, or an incident that affected suppliers they share information with. In comparison, nearly three-quarters (71%) of enterprises that do have such guidelines received compensation after an incident that affected suppliers they share information with.



The results of our survey may seem rather paradoxical, with enterprises with special policies saying they have experienced supply chain attacks more often. However, we can suggest that a business with a wider network of third party organizations will pay more attention to this area, which results in implementing specific guidelines.

- Sergey Martsynkyan, Head of B2B Product Marketing, Kaspersky.


The report revealed that 79% of enterprises have special policies in place explaining to partners and suppliers how to work with shared resources and data, as well as any penalties they may incur. The concerns do make sense. According to the survey, damage from incidents is estimated to cost $2.57m on average, with data breaches among the three costliest problems faced by enterprises. Several sophisticated supply chain attacks, including ShadowPad, were discovered by the researchers.



A vast network of subcontractors may make such data breaches more likely. Besides, organizations with third party policies can more accurately determine the causes of a particular breach.

- Sergey Martsynkyan, Head of B2B Product Marketing, Kaspersky.


 

The report suggests that one of the main benefits of implementing third-party policies is that they solve issues around accountability by defining the areas of responsibility for both of the organizations involved. They also increase the chance of receiving compensation from a supplier that becomes an entry point for an attack.



Third-party policies also work well for SMBs. For example, 68% of SMBs with policies in place received compensation, compared to 28% of those that did not have policies.






The Kaspersky report makes the following recommendations:

1. Regularly update your list of all partners and suppliers, as well as the data they can access. Ensure that they only have access to the resources they need to carry out their work. Confirm that organizations that don’t collaborate with your company are excluded and cannot access or use data and assets.
2. Provide all third parties with the requirements they should follow – including compliance and security practices.


3. Kaspersky offers Kaspersky Anti Targeted Attack that can detect advanced attacks that may have gone under the radar of perimeter protection solutions, including supply chain attacks, at an early stage.

 

 


About the survey


The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) is a global survey of IT business decision makers, which is now in its 9th year. A total of 4,958 interviews were conducted across 23 countries. Respondents were asked about the state of IT security within their organizations, the types of threats they face and the costs they have to deal with when recovering from attacks. The regions covered include LATAM (Latin America), Europe, North America, APAC (Asia-Pacific with China), Japan, Russia and META (Middle East, Turkey and Africa).


