According to the forecast published by Gartner Research, we can expect a total of 6.4 billion devices connected online by the end of the year 2016, which is a 30 percent increase when compared to the previous year. In that sort of environment, questioning your cybersecurity comes naturally. While we are well familiar with threats like third-party negligence, ransomware and poor cyber safety education of employees, there is also a completely new threat that we are facing in 2016 (and probably beyond). As it seems, the outsourced workforce has become one of our primary threats. The rapid expansion of our network provides more room for attackers to maneuver in search of a weak spot. And while most companies invest in their security systems, the progress of implementation has seemingly plateaued.
A recent PWC survey emphasizes the fact that 76 percent of the security experts and executives, all from Fortune 500 US-based companies, are more worried about their security systems. This definitely represents a significant increase when compared to the previous year (56 percent).
So if the awareness of this “issue” is firm and constant among the great majority of US-based companies, why are we still facing threats? Working with freelancers and hiring business-to-business services often leads to new breaches. In fact, 31 percent of the companies surveyed by the PWC group reported that they had a breach attempt during the last year. No matter how much your company cares about business ethics and safe relationships, you can never be absolutely positive that the other side is managing their end the way that they should be.
The outsourced workforce has become one of the main cyber threats today. Even regular, in-house employees are getting more informed about necessary measures of protection, and compared to previous years, awareness is on the increase. When it comes to the adoption of cloud computing security measures, there are still industries that are catching up slowly, but in general SaaS, PaaS and IaaS providers are currently facing more problems in the department of talent acquisition.
The latest special report from Mandiant Consulting depicts this process in detail, such as how hackers are able to reach your IT infrastructure through your outsourced workforce, and even how they are able to maintain their presence for months or even years. On average, breaches of this sort get discovered after 146 days, if not more. Furthermore, according to the Gibson Dunn publication from May 2015, titled Privacy and Data Security in Outsourcing, 56 percent of the 42.8 million security incidents reported during the year 2014 happened because of negligence and misuse of data by the outsourced workforce. The mismanagement of vital data by outsourced staff is a concern for a total of 81 percent of companies worldwide. Of the 39 respondents to the PWC survey on this topic, 36 percent reported that their own staff misused at least some data, both intentionally and accidentally.
And while third-party suppliers have allegedly never harmed any company intentionally, 18 percent of them still breached and exposed vital data by accident. In 23 percent of the cases, organized crime is involved, and only 3 percent of the breaches happened because of malware. The conclusion: in the majority of breaches of this type, your outsourced worker isn’t even aware that they are presenting a threat.
Actually, the number one cause of all security issues comes from the smartphones of your outsourced employees. While BYOD policies within companies are able to influence the type of data that they are sharing within the company, private devices get exposed to potential malware daily. The risk comes from all the websites that your worker is visiting, naturally, but the real problem lies in the method hackers use to acquire data. In some cases, you don’t even have to download a malicious application. Websites alone scan phones for information, and all that you have to do is visit the landing page. After acquiring the data needed, hackers are able to access your worker’s accounts and, therefore, enter your company’s private files.
But even if the owners are mostly worrying about the direct threat that they are exposing themselves to by letting outsourced parties access their data, the statistics speak in favor of your outsourced workforce: in most cases, their devices are being misused by a third party. For instance, in the infamous case of Alex Holden, a CTO of Hold Security, he was accused of using his position to manipulate the clients, asking them to invest more in their security. After an initial investigation by the officials, even the FBI allegedly got involved because of the possible security breach performed by a Russian hacker. A total of 4.5 billion credentials were stolen on the territory of the US.
As Alex Holden explains it, the attackers initially bought passwords and accessed US businesses (both large enterprises and small businesses), collecting the data through social media accounts. You can find a thorough explanation here.
However, the most notorious type of these threats, popularly named ransomware, will have to step aside for its successor, yet another type of ransom. The rising trend among hackers is definitely acquiring sensitive data, but they are not locking owners out of their accounts. On the contrary, the threat is far more perfidious: they are threatening to expose sensitive data by making it publicly accessible, like in the now famous case of JP Morgan, which was, interestingly enough, prominently involved in the aforementioned case of Alex Holden.
Does that mean that you are in the clear if your books and methods are clean? Hardly. While we are responding to attacks and doing everything we can to sustain a malware-free environment within our IT infrastructure, it seems that hackers are always a step ahead. And we have only our stubbornness to thank for it. However, as we are entering the true era of the Internet, taking our security standards into question and investing in cybersecurity in general should not be just a thing the authorities do; it should be a priority for all of us, individually.
About the Author: James D. Burbank has spent more than a decade in the trade show industry, visiting all four corners of the world and helping Australian companies exhibit in various markets. He is currently the editor-in-chief at BizzMarkBlog, a business-oriented blog that is also trying to keep tabs on business technology.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.