Nacionalinis kibernetinio saugumo centras

Cyber security: How can the nation help ensure the management of third parties (contractors)?

2023 m. rugsėjo 7 d. - 2024 m. kovo 1 d.

Problema

The National Cyber Security Center (NCSC) reported and observed data showing that in 2021, the number of cyber incidents in Lithuania remained similar to 2020. However, there was an increase in larger and more complex incidents, which have a more significant negative impact. This trend is of serious concern because the consequences of such incidents can have long-term effects on both public and private sector entities.

According to the presented data, cyber incidents involving third parties are a major problem globally and can significantly impact businesses financially. In 2021, 39% of major organizations worldwide reported being impacted by a third-party cyber incident in the past two years¹. Research by “Kaspersky” revealed that third-party incidents were the costliest corporate data breaches in 2021, with an average financial impact of $1.4 million USD per event, marking it as the most expensive incident type to date². Furthermore, a report from “CRA Business Intelligence” indicates that 66% of organizations have seen an uptick in third-party security incidents in the past 12 months³.

Managing third parties represents one of the most intricate areas within the realm of cyber security. While the NCSC is the primary institution overseeing cyber security in Lithuania, its activities are mainly centered around ensuring the security of state and municipal institutions. Conversely, the security of third parties like contractors and suppliers is not as robust due to the absence of regulatory measures and standards that could be applied in this sector.

Currently, Lithuania lacks clear regulatory structures and procedures that would facilitate the effective management of third-party cyber security. This means that despite having strong cyber security measures in state institutions, the private sector, along with its third-party partners, remains exposed to potential security breaches and threats. These risks cannot be adequately addressed without established regulatory and cooperative mechanisms.

Tikslas

A collaboration between the public and private sectors is crucial for the effective governance of third parties in cyber security. However, for this partnership to be successful, there’s a need to put forth clear operational principles and regulatory guidelines. These measures will ensure that third parties comply with the necessary security standards and procedures. Implementing such standards will not only diminish cyber threats but also bolster the overall cyber security maturity in Lithuania.