Welcome to our Blog

The Rise of Outsourcing: Benefits and Challenges

Outsourcing, a business practice in which companies delegate tasks to people outside the

organization, is on the rise. Estimates suggest that one in six jobs in the United States – or

almost 20 million positions – are subcontracted. 1 This blog post explores the advantages

that outsourcing offers and describes the biggest challenges of this approach.

 

The benefits of outsourcing

Why do companies outsource? Outsourcing helps businesses get the most out of their

employees, as delegating tasks to an outside agency enables employees to focus on what

they excel at, while external workers complete the tasks that employees aren’t equipped

to handle. Outsourcing is especially useful when a company needs a one-time service,

such as launching a marketing campaign; in these situations, it does not make sense to

hire a new employee just to complete the task. Most importantly, outsourcing a service is

cheaper than paying employees to perform that function: the salary of in-house

employees is higher, they require benefits such as insurance and paid vacations, and

necessitate expenses such as education, computers, and other office supplies. 2

 

The social costs of outsourcing

While outsourcing can be a boon to businesses looking to save money and increase

efficiency, the practice has dramatically damaged middle class workers. For instance, in

America, many occupations are outsourced not only to cheap-labor countries like China

but also to third party contractors in the US. This trend of outsourcing has led to

numerous layoffs of workers and has generally driven down the cost of labor. Thus, the

growth of outsourcing is a major contributor to the decline of the American middle class,

which has recently fallen from 61% of the population in the 1970’s to below 50%. 3

 

The risks of outsourcing

Outsourcing can benefit companies in a variety of ways, but there is also a significant

amount of risk involved with delegating tasks to third-party contractors. Agents of a third

party are often given access to company data and may not be trustworthy; they are liable

to mismanage or even steal this sensitive information. In fact, according to the 2013

Trustwave Global Security Report, third-party IT staffs were responsible for 63% of data

breaches. 4 In order to avoid data breaches caused – directly or indirectly – by outsourcing

companies, businesses must choose third-party partners carefully. Moreover, it is crucial

for outsourcing companies to monitor their employees’ computer activity to ensure that

they are not intentionally pilfering data or unintentionally making it vulnerable for

exploitation by hackers.

  1. http://www.latimes.com/business/la-fi- outsourcing-middle- class-jobs- 20160630-snap-story.html
  2. http://www.business.com/management/7-signs- that-its- time-to- try-outsourcing/
  3. http://www.latimes.com/business/la-fi- outsourcing-middle- class-jobs- 20160630-snap-story.html
  4. http://www.computerweekly.com/news/2240178104/Bad-outsourcing- decisions-cause-63-of- data-breaches

An Inside Job: Reflections on the Rise of the Insider Threat

The insider threat is quickly becoming one of today’s biggest cyber security challenges.

This blog post introduces the concept of the insider threat, and explores how the

prevalence and awareness of this phenomenon have increased in recent years.

 

What is the Insider Threat?

The insider threat refers to the security threat that employees pose to an organization.

Employees often have access to their organization’s computer systems and information,

and thus have the ability to mismanage and even steal sensitive company data. 1 CA

Technologies names three types of insider threats: “malicious insiders” deliberately steal

information or sabotage a company’s computer systems, “exploited insiders” are

unwittingly tricked by external parties into providing passwords and data, and “careless

insiders” accidentally delete or modify important information. In today’s data-driven

workforce, theft or destruction of data can be catastrophic for a company. 2

 

The Rise of Insider Threats

The latest research shows that the number of security breaches from insiders is growing.

83 percent of executives polled in EY’s Global Forensic Data Analytics Survey in 2016

stated that insider threats and cyber breaches posed the biggest risk to companies

becoming a victim of fraud, corruption, or data loss. 3 Similarly, the 2015 Insider Threat

Spotlight Report noted that 62 percent of security professionals report that insider threats

have become more frequent in the last 12 months. 4 In fact, insider threats have overtaken

external attacks as the greatest cyber security risks: the IBM 2015 Cyber Security Index

revealed that insiders commit 55% of all security breaches, compared to 45% perpetrated

by outsiders. 5

 

Increase in Coverage on Insider Threats

Insider threats have historically been overshadowed by external threats. A 2015 article by

Info Security observed, “Insider threats aren’t recognized as the gaping issue that they

are.” However, as insider threats have grown in prevalence, they have received more

coverage, as cyber security authorities (such as those referenced in this article) have

publicized the issue. Articles like SC Magazine’s 2015 piece, “Report: Insider Threat

More Dangerous Than External Risks,” have become increasingly common. 6

 

 

How to Prevent Insider Threats

While insider threats are posing an increasingly large threat on companies, there are

certain measures that companies can implement in order to prevent – or at least mitigate –

the insider threat. Firstly, companies should thoroughly screen all job applicants to ensure

that they only bring in employees that can be trusted with sensitive data. It is also

important that businesses provide employees with computer security training and

education in order to reduce the likelihood that employees accidentally mishandle data or

give away sensitive information to external attackers. 7 Most importantly, companies

should install a cyber security platform that monitors employee computer use and alerts

them when they are exhibiting suspicious or damaging activity.

 


 

  1.  https://digitalguardian.com/blog/what-insider- threat-insider- threat-definition
  2.  http://www.ca.com/content/dam/ca/us/files/white-paper/dealing- with-insider- threats-to-cyber-security.pdf
  3.  http://www.computing.co.uk/ctg/news/2442565/malicious-insiders- the-fastest- growing-threat-to- cyber-security- warns-report
  4.  http://www.infosecbuddy.com/wp-content/uploads/2015/06/Insider- Threat-Report-2015.pdf
  5.  https://essextec.com/wp-content/uploads/2015/09/IBM- 2015-Cyber- Security-Intelligence-Index_FULL- REPORT.pdf
  6.  http://www.scmagazine.com/report-insider- threat-more- dangerous-than- external-risks/article/455117/
  7.   https://www.darklightcyber.com/blog/fighting-insider-threat

We are always happy to hear from you.