Back to

Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security

Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security

In today’s corporate environment, it is commonplace to outsource business operations functions to third-party suppliers for increased efficiency and to optimize internal resources. However, the added outsourcing benefits also carry significant cyber risk…

This report is published by Harvard Business Review and sponsored by FTI Consulting.  

Over the past decade, cyber incidents stemming from third-party suppliers have been growing in number—and sophistication. In the earliest incidents that attracted widespread attention, cyber actors pilfered personal identifiable information from large companies through fairly straightforward strategies, such as a 2014 breach involving stolen network credentials from subcontractors that handled heating and air conditioning. Since then, third parties have evolved from being a way to target a single company to a back door to an organization’s portfolio of customers. In late 2020, for example, advanced cyber actors implanted source code into a software vendor’s code repository, gaining access to the data of hundreds or even thousands of the vendor’s customers, including U.S. federal agencies, critical infrastructure entities, and high-profile organizations.

Business executives, including CSRI Director Damien Manuel, discuss the issues facing organisations with regards to third-party cyber risk.

Click here to read the complete HBR article (PDF)


Collaborate with us

Deakin Cyber engages with industry and government through collaborative research projects that have real-world impact, and our HDR Program prepares candidates to become tomorrow’s leaders in cyber security.

Subscribe to our mailing list

Stay up to date on the latest news and events from CREST