The data supply chain will pose continuing challenges to even the most sophisticated enterprises.
It is not unusual for companies to store or process the data they collect by using third parties. However, the security that these third parties use to safeguard their client’s data is frequently not understood until there is a breach. Additionally, companies may believe that their subcontractors will notify and assist them in the event of a breach. Unfortunately, this is often not the case. Companies will need to vet their subcontractors closely and get specific as to the technical and legal roles and responsibilities of their subcontractors in the event of a breach.
“Kroll has responded to breaches where subcontractors not only failed to provide timely notice that they were breached, but also refused to cooperate with the investigation. Companies should know who they are giving their data to and how it is being protected,” said Tim Ryan, managing director and Cyber Investigations practice leader. “This requires technical, procedural, and legal reviews.”
Kroll, a global leader in risk mitigation and response solutions, recently released its third annual Cyber Security Forecast, a prediction of the most significant cyber issues organizations will confront in 2014. The latest forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks.