I was browsing some blog posts this morning and came across one on The Dark Visitor which is a site focusing on Chinese Hackers. The post was about how China’s cyber warfare efforts have caused India’s military to step up their own cyber defense capabilities.
This may seem to be an international political issue but does your company outsource anything off shore? Do you offshore to India? Do your partners? Do you really know where your critical information is once it leaves systems under your direct control? Do you verify that your outsourcing company protects your information at least as well as you do?
Let’s forget for a minute that the attacker is China (Honestly they’re just an easy target for my attention; there are other countries that have information warfare programs.); let’s forget that the target in this case is India. The real point is that critical information is at risk once it has left the corporate environment. By outsourcing, companies are delegating responsibility for protecting the information but in the end they cannot truly transfer this responsibility.
It is not enough to include clauses in a contract that mandate the protection of your critical information, you must audit and verify that your partner (be they domestic or international) is conforming to how you mandate your information be protected. Outsourcing can bring great savings but along with that savings comes additional Risk. Have you considered the additional risk?
Entries (RSS)