• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

The Impact of Contractors on an Organisation’s Cybersecurity

You are here: Home / Security News / The Impact of Contractors on an Organisation’s Cybersecurity

For the majority of businesses around the globe, hiring contractors is commonplace and often critical to achieving business goals. Contracting allows organisations to employ services that would otherwise be too expensive to invest in, such as security, IT or accounting. Contractors are hired on a temporary basis, as they are not required to fill a permanent position and are often as part of a project.

However, contracted employees can pose a significant security risk to organisations. Contracting adds another layer of complexity to the security challenge. Working with third parties to ensure proper security can be very difficult and time consuming and third parties can be a very real threat in large attacks. Another attack vector that has been seen making headlines in recent years is unauthorised data breaches coming from the contractors themselves.

In late February 2020, a NSW man employed as a contractor by an Australian sales company was charged over allegedly accessing servers without authorisation. It is alleged that he deleted over 350 illegally obtained files after a court order was issued to access his computer.

Last year, in October of 2019 a Sydney IT contractor employed by a property valuation firm stole the personal details, including property valuations and driver’s licenses of 275,000 individuals and made them readily available on the dark web. The trusted contractor had been employed by the firm for 12 years. It is said that the beach cost the firm at least $8 million.

And this month in March 2020, three contractors working for international courier company, DHL, were found to have been involved in financial misconduct regarding the diplomatic mail service with the Department of Foreign Affairs and Trade (DFAT). DHL provides mail and diplomatic freight services for embassies. This event can have a large impact on the reputation of DHL, and it’s ability to reliably provide embassies with safe and secure mail services.

These reports show that contractors are very capable of conducting malicious acts against their employer, even if they are long-serving contractors and considered to be trustworthy. Managing third-party risks is not a simple matter and takes a significant amount of time and resources to perfect. Vendors, contractors and consultants must be thoroughly vetted before conducting business with them. Their security efforts must match or exceed that of the customer organisation and agreements must be strictly adhered to.

The vetting of contractors should include full background checks, deep research into their online presence, and strict access management to ensure that they cannot access anything other than what they require to complete their job. This is absolutely critical if the contractor is to be given access to high-level business data and assets that could possibly be maliciously used. Feelings of unsatisfaction and issues with their employer are very often the root cause of malicious acts committed by a contractor. Unhappy contractors are also an attack vector for other malicious actors, who are looking for personnel that they can exploit and coerce into committing malicious activity, often for financial gain.

Closely monitoring, logging and regularly reviewing the activity of all third parties plays a very important part in maintaining strong vendor/contractor security.

Taking on third party vendors and contractors in a business is often daunting and risky, and businesses may meet with complex issues that are often difficult to solve in a timely and cost-effective manner. Agilient understands this, and can help. We specialise in providing organisations with strong advice regarding all aspects of business security, including third-party and contractor security. We help organisations develop robust security policies that will aid in defending against 2020’s threats and risks. If you would like to learn more about how we can of assistance, contact us today.

Author: Jack Schofield, Agilient Consultant

Tweet
Share

General,  Security News breach,  business security,  contractors,  cyber attack,  cybersecurity,  DHL,  government,  third-party contractors

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692