3rd party policies make compensation easy post 1st point attack

(IANS) Nearly three-quarters , around 71 percent, of enterprises that have specific data usage guidelines for partners and subcontractors received compensation after an incident that affected suppliers they share information with, says a new report from cybersecurity firm Kaspersky.

In comparison, only 22 percent of organizations of the same size who do not have regulations in place reported this to be the case.

“Small and big enterprises now more than ever need to be prepared for the evolving threat landscape as the Government is ready to make India a Digital Nation and enterprises are the backbone of the economy. Businesses should maintain strict guidelines when involving with third-party providers and should have an even stronger cybersecurity framework in place to mitigate the risks of supply chain attacks,” Dipesh Kaura, General Manager, Kaspersky South Asia said in a statement.

Additionally, Kaspersky”s IT Security Economics report revealed that 79 percent of enterprises have special policies in place explaining to partners and suppliers how to work with shared resources and data, as well as any penalties they may incur.

Their concerns make sense as, according to the survey, damage from incidents is estimated to cost $2.57 million on average, with data breaches among the three costliest problems faced by enterprises. Kaspersky researchers has discovered a number of sophisticated supply chain attacks including ShadowPad.

One of the main benefits of implementing third party policies is that they solve issues around accountability by defining the areas of responsibility for both of the organisations involved.

71 percent of enterprises with a third party policy reported receiving monetary recompense after an incident, compared to only 22 percent of peers who did not have regulations in place.

Policies boost the likelihood of compensation amongst SMBs as well. For instance, 68 percent of SMBs with policies received money, compared to only 28 percent of those who didn’t implement rules for their subcontractors.

Was it worth reading? Let us know.