Checking on cybersecurity practices

A recent survey of corporate security executives by Accenture and HfS Research, Ltd stressed how vulnerable companies are to attempted or completed data theft or corruption by “ecosystem partners” like outside HR, administrative or facilities contractors.  Regional variations stood out, the study said:  Vetting of the security procedures of outside partners in India “is consistently 10 to 15 points higher than the average, while Latin America had marginally higher levels of existing SOP for credit and marketing partners.”  The surveyed companies screened the cyber-capabilities of bankers and financial partners almost three-quarters of the time, but did the same with outsourced contractors only about 27% of the time, the Accenture-HfS report said.  Many vendors and outside contractors naturally resist their customers’ demands for details about cyber-security processes, the report said, but the resistance likely will fade, “as credit ratings and cost of insurance increasingly depend in part on the ability of an enterprise to secure the complete ecosystem,” including vendors, contractors and consultants.  One example of a breach that the study did not mention but which is widely known:  In 2013 hackers seized the private data of tens of millions of customers of retailer Target by stealing the credentials of Target’s HVAC contractor.  The report said, “an enterprise is only as secure as its least secure partner, a key point in several major security breaches over the past few years.”