A recent report from Osterman Research shows that organizations with global subsidiaries have a greater chance of being compromised by cyber-attacks.
Recently, M&As have been gaining increased traction. While COVID temporarily decreased the number of deals, deal-making is again accelerating at a rapid pace in today’s post-pandemic world. However, having a lot of subsidiaries isn’t a good thing when considering cybersecurity.
As per the recent Osterman Research 2021 report “Managing Risks from Subsidiaries: Goals, Friction and Failure”, global enterprises with multiple subsidiaries are at higher risk of cyber threats and find it more difficult to manage risk than those with no or fewer subsidiaries. Commissioned by CyCognito, the report surveyed 201 organizations that have a minimum of 10 subsidiaries and at least 3000 employees or US $1 billion in revenue.
While still being confident about effectively managing subsidiary risks, nearly 67% of all respondents admitted their organizations had either fallen victim to a cyber-attack where the attack chain contained a subsidiary or lacked the ability or data to prevent its occurrence.
Around 50% of the respondents stated that they wouldn’t be surprised if they suffered a cyber-breach in the near future. If a subsidiary opts not to let its parent organization know about exposed assets and data sources, the vulnerabilities can be overlooked and become a significant issue later on.
Subsidiaries are at a considerable security risk
According to the Osterman Research report, complex onboarding procedures, lengthy and infrequent management operations, a focus on compliance at the expense of security, the excessive usage of manual tools and lags in remediation are the major roadblocks to managing subsidiary risks. It highlighted that organizations are more focused on the compliance aspects of monitoring subsidiary risks than on the security aspects themselves, leaving gaps when it comes to onboarding and managing subsidiaries, thus making them more prone to cyber-attacks. The respondents of the survey stated that the pandemic-forced digital transformation (69%) and the surge in high-profile supply chain breaches (56%) across the world are the most important concerns for subsidiaries.
Only 5% of respondents confirmed that they have a mature onboarding process in place that allows them to seamlessly integrate new business units. The rest of the respondents complained that they are burdened with tremendous workloads both at the parent organization and the subsidiary side of the enterprise business.
Taking a lot of time to measure risks
Measuring risks associated with subsidiaries can take a significant amount of time. In fact, 54% of the organizations in the report stated that it currently takes one to three months. 71% of the respondents hoped to reduce the time frame to a day or less. But identifying risks is not the only concern. Nearly 73% of respondents stated that there’s also a lag between detection of a security gap and the respective processes for its remediation. This lag gives malicious actors a window in which to launch their cyber-attacks.
The Osterman Research report highlighted that organizations with a larger portfolio of subsidiaries are 50% more likely to take longer than a month to remediate detected security gaps than those with few subsidiaries.
The stats from Osterman Research highlight how being a larger organization isn’t without its risk. As cyber-attacks continue to evolve along with a surge in volume, especially for organizations with subsidiaries, CISOs should reevaluate the cybersecurity infrastructure in place. They should continue to push for more vulnerability management and penetration testing to identify the vulnerabilities across the board. Moreover, they should find efficient ways to handle network architecture stretched by the addition of subsidiaries. In conclusion, while organizations advance their technological infrastructure and reap the additional benefits that a subsidiary yields, they should also keep in mind the cybersecurity risks that come with it.