Wednesday, 13 April 2016 12:15

Warning that service providers may be a security risk to companies


Companies allowing their service providers to access or hold sensitive or confidential data are sitting on a cyber-security “time bomb” unless they take smart action to manage the risk of the providers suffering a data breach, according to an IT governance professional.

Ewen Ferguson, managing director Australia for US-based global consulting firm, Protiviti, warned of the security risk to companies, cautioning that few companies fully appreciate that their service providers can be a weak link in their own data security, “and routinely fail to take adequate steps to prevent their data from being compromised via an attack on their providers”.

“Today, most if not all businesses outsource some of their functions - whether to a cloud technology provider, telemarketer, call centre or payment processor. And doing this involves giving some data or systems access to those third parties.”

Ferguson says that contractors are an obvious vulnerability because they are often smaller firms with weaker security and, he cautions, “even some large service providers have relatively immature information security controls and practices”.

“Companies often don’t monitor their partners’ or contractors’ access privileges and security processes as well as they do within their own boundaries. Add to that, the fact that outsiders often bring their own hardware and software which may be ‘contaminated’ through use on other non-secure networks - and you have a clear security exposure.

“Yet, despite these risks, companies generally aren’t focussed on managing them effectively. Vendor selection is still overwhelmingly directed at cost, quality and delivery. ‘Risk’ is only a minor after-thought.”

Ferguson notes that the high-profile breach of US mega-retailer Target, which resulted in the theft of personal information including credit card details of 70 million customers and which cost the company upwards of US$200 million, reportedly originated with an email phishing attack on the company’s air conditioning contractor.

According to Ferguson, companies can outsource their business functions but cannot outsource their legal obligations to protect sensitive corporate and customer data. “The only way to manage this is by exercising better control over your service provider relationships”.

Ferguson recommends that companies should start by developing a plan to manage their third party relationship risks.

“It’s best practice to establish a centralised function to manage third party relationship risks. This is generally the best way to get complete visibility of everyone the company deals with and to prevent individual teams from establishing relationships that fall under the radar.

“The office should take stock of all existing partners, associates and suppliers and gain an understanding of who has access to what data. There should also be a process to ‘red flag’ and manage parties requiring closer oversight based on criteria such as the sensitivity of the data they hold and the strength of their IT security and controls.”



Peter Dinham

Peter Dinham, an iTWire treasure, is a mentor and coach who volunteers, and also a writer and much-valued founding partner of iTWire. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).
