War in Europe, a reminder for shared service centers and shoring operations to re-examine IT security stance
European business leaders, particularly CISOs, CTOs, and Chief Data Officers (CDOs), are adapting to the fact that the Ukraine war is a war in Europe and has a global impact. Sanctions, military aid, and even incoming refugees are signals that operators of digitally intensive shared service centers (SSCs) and off- / near-shore schemes should reconsider their contingency plans and IT security stance.
Although this is advice to follow periodically, war or no war, a sustained conflict on the borders of the European Union should strengthen your determination to audit your IT security strategy. For businesses and organizations operating in Central and Eastern Europe (CEE), the need to reassess security comes as a stark reminder that service centers and shoring models can carry risks beyond their high exposure to cyber threats, including geopolitical threats.
To be sure, CEE is not the only game in town. Latin America (Argentina, Brazil, Mexico, Panama, etc.) and Asia Pacific (India, Philippines, Thailand, etc.) also host a large number of SSC and shoring operations and share a set of risk vectors stemming from their intense reliance on and/or support of digital/IT-driven processes.
However, with all eyes on Europe, and the war in CEE in particular, let’s use that region as our lens.
Location, location, location
Many CEE countries, including the Slovak Republic, Poland and the Czech Republic, have been hosting shops built on the SSC business model for more than 20 years, with Ukraine adding its skilled workforce to the shoring and SSC “party” shortly thereafter. Currently, the shoring and SSC business model employs at least 900,000 people across the CEE region. With Kiev, Bratislava, Prague, Warsaw, Cluj and many other locations supporting telecommunications, software, finance, HR, automation and other business processes, considerable efforts have been made to make these IT hubs resilient.
The combination of geography, human resources and the tools they use makes SSC operations an attractive cyber-target. Now, after the 20+ years of calm that made the CEE region so attractive for SSCs, the war and its cyber-centric aspects have created a new challenge, regardless of the efforts needed to create and nurture these productivity-centric business assets: providing both security and trust.
In terms of security, we need only consult Verizon’s DBIR report to see which industries are experiencing the highest rates of persistent and targeted attacks. And trust? Consider whether IT security in service-based offshoring and SSC operations, whether managed by headquarters or as part of the supply chain, presents a soft target for malicious actors. After all, many of the industries detailed in the report, and their supply chain partners, leverage shoring and SSC opportunities, including in CEE. As such, operators should re-evaluate IT risks and tighten digital security practices across the board.
Many CIOs, CISOs and their staff have begun to look to zero trust, an IT security model designed to limit risk exposure by eliminating unnecessary access and privileges in critical IT systems. With zero trust, the dividends come from prioritizing the restriction of services available to users on the network rather than locking down access after the fact. This means that no access is granted without specific and active authorization. Although it is only a single method, and an aggressive one, it scores high for being proactive.
COVID-19, combat and altered behavior
If we draw on the ongoing COVID-19 pandemic (COVID-19-linked threats peaked in 2020) and the cyber-threat data associated with the broader threat landscape throughout the first half of 2020, 2021 and 2022, the IT- and data-intensive workflows used in shoring and SSCs call for care.
By design, SSCs focus on specific tasks or subtasks that can increase delivery speed and/or efficiency to help manage costs. Here “sharing” means collaboration; however, collaboration provides rich opportunities for threat vectors. Although we will look at some of the specifics below, we can confidently say that the zero trust model offers a lot of promise for shoring and SSC operations.
Although SSCs perform well in CEE and elsewhere, the collaboration- and productivity-centric models that bring business to scale also scale the intensity of risk. Even before the war, some of these risks had already presented themselves. In 2021, further refinement and adoption of collaboration platforms became a key enabler of the work-from-home revolution initially triggered by the pandemic. Among the many platforms, Microsoft Exchange Server experienced one of the largest-scale security impacts when a series of vulnerabilities was exploited by at least 10 advanced persistent threat (APT) actors as part of an attack chain. The vulnerabilities allowed attackers to take over any reachable Exchange server, even without knowing valid account credentials.
Within a week of the vulnerability announcement, ESET detected webshell attacks on more than 5,000 email servers. With MS Exchange being one of the most popular collaboration platforms, the damage spread far and wide, and in the following days and weeks, attack attempts exploiting this vulnerability came in several waves. Among the most notable and alarming of these attacks were the rampant ransomware campaigns by APT and criminal groups.
Collaboration can mean many things: e-mail, shared documents, MS Teams, video calls, MS 365… and possibly the use of many cloud platforms. Again, the scale of tool use, both within an organization and across the supply chain (including partner organizations), opens up a large threat surface. All the digital tools and platforms mentioned here form the basis of many shoring and SSC portfolios.
All of the IT “real estate” represented by the platforms and tools mentioned is extremely powerful, so much so that many businesses and organizations have chosen to outsource security to managed security and service providers (MSSP + MSP), a business model similar to that of SSCs. Unfortunately, the same digital glue that binds these businesses and their clients together has come under attack.
Trust, the digital glue
Virtual relationships, whether B2B, B2C or B2B2C, work because of trust relationships that underpin our willingness to decentralize and/or outsource processes. In the case of IT and IT security administration work and services, we have also seen those trust relationships impacted.
July 2021 saw Kaseya’s IT management software, popular with MSPs/MSSPs, hit by an unprecedented supply chain attack. Similarly, another MSP player, SolarWinds, saw its Orion platform, which requires highly privileged access to manage customer environments, come under attack; clearly, these large-scale environments have become a preferred high-ROI threat vector. Although market leaders Kaseya and SolarWinds both suffered serious business and reputational effects, their clients were also greatly affected.
Accelerated digitization, spurred by the pandemic, has shed light on the role that security plays in working from home around the world. This is probably best illustrated by the large number of attacks on a weak interface that is also the easiest way for staff to connect to the company’s servers: Remote Desktop Protocol (RDP). The use of RDP has opened up numerous “backdoors” into companies and has come under constant attack over the past two years. As of December 2020, ESET recorded an average of 14.3 million attacks per day in Germany, Austria and Switzerland alone; this corresponds to 166 attacks per second. For context, these three countries have significant near-shore operations and manufacturing investments across CEE, and much at risk. Although RDP attacks finally saw a significant decline in 2022, poor admin security practices and other factors will likely keep RDP among the serious threats facing SSCs and shoring operations.
Digital defense, large and small
The toolset to best protect businesses, including SSCs, clearly begins with mature IT management practices. Although many SSCs and shoring operations benefited from their HQ’s software update and patch management policies, as well as the deployment of endpoint detection products, prior to the Ukraine war, mature security practices, ideally provided or managed by a well-staffed security operations center (SOC), are now critical. These business operations may sit within the scope of larger security operations, at both enterprises and larger SMBs, but need to be looked at more deeply. The last point is security, and visibility across networks has become more intense through enhanced detection and response tools and security practices by both IT admins and staff.
Concerns about targeted attacks, malicious insiders, and “trust” relationships mean service centers, especially those in CEE, should assess their security posture and the maturity of their security practices, and audit both internal and external risks.
Following an audit on this scale, businesses will need to move quickly to safer ground with existing vendor service teams or, in many cases, new vendors since the Ukraine invasion. Although auditing processes require significant resources, they fundamentally ensure that the cost savings, process efficiency and business continuity of the shoring model can continue.
For smaller operations that sport no SOC team or have no budget for endpoint detection and response tools or managed detection and response, there are still significant options. Cloud security solutions can help secure vital collaboration tools, including Microsoft 365, OneDrive and Exchange Online, and include powerful, easy-to-integrate cloud sandbox tools that are effective against never-before-seen threats.
Conclusion
Many of the threats businesses face, such as attacks via RDP, ransomware and other malware delivered through macro-enabled files, or e-mails with malicious attachments, can wreak havoc at scale. For the offices in question, their clients or headquarters have chosen to invest in and build the capacity to deliver globally, so the challenges and threats are much the same.
With open conflict as a stern reminder, it is important to protect the investment and enhanced capabilities provided by SSCs, shoring operations and other skills-based business models. It also recalls the significant ink spilled at the EU level on creating a more self-reliant security environment in Europe.
The conflict in Ukraine, like the pandemic before it, is sending a clear signal about the important role that digital must play in global business and in maintaining a stable and favorable economic environment. As with collective security, if SSCs become a weak link in European or global business services and supply chains, global business will be the poorer for it.