Spreading Risk to Strengthen Security: The Case for a Multi-Vendor IT Strategy

Category: News
Published: 29th May 2024

< Back to Media
Hands typing on a laptop

Cyber crime is soaring to ever increasing heights and it certainly isn’t coming down any time soon. Ransomware-as-a-service is now more widely available than ever and many have concluded that the cyber threat has never been greater.

But with business leaders facing challenges on all fronts, including compliance and digital transformation, security can be placed lower on their list of priorities. It’s no surprise the idea of sourcing security from an IT provider already in use can present an appealing (and frankly easier) prospect. Especially if it saves valuable time.

However, before embarking on this approach, decision makers need to be aware of some potential risks inherent with a single provider strategy. These risks need to be carefully considered before making the final decision regarding their cyber security needs.

A single provider can create a single point of failure

While it’s reasonable to assume that IT providers are well protected from attacks, they are often some of the most targeted organisations. With complex infrastructure and limited expertise in security, IT providers are much more vulnerable to a breach. They are highly targeted because hackers see them as a potential route to gaining access to the companies using their services.

Recently, IT providers like CTS, Capgemini, Fujitsu, and Advanced were all victims of attacks including data breaches, ransomware, and credential stuffing. In Advanced’s case, the ransomware attack on this NHS IT provider negatively affected patient care. GP staff were forced to spend time taking notes manually as hackers had taken seven health systems offline, including the medical notes and check-in services. In the case of CTS, an estimated 200 law firms were left without access to critical systems, like case management, due to the outage caused by the hack.

These attacks demonstrate one thing – putting all your eggs in one basket can have disastrous consequences. Compared to specialist security providers, IT providers are equipped with a vastly different skillset. They might be great at cloud migration or setting up systems and hardware within an organisation, but their cyber security offerings often focus on simple system monitoring or rolling out updates and patches. On the other hand, a specialist security provider can present much more comprehensive services like active threat hunting and complete network protection.

A more nefarious risk is the lack of oversight. Without a third party to ensure security requirements are being met, a single IT provider can say whatever it likes to the companies using its services. You probably wouldn’t trust a student to mark their own homework so why would you trust an IT provider to do the same. They can easily miss vulnerabilities in their own system. With an entire organisation reliant on their technology for every area of business, that vulnerability can lead to catastrophe.

Adopting a multi-vendor strategy

So, what is the solution? To put it simply, companies need to start working with specialist security providers.

Dedicated security providers are equipped with a much wider skill set, which allows them to provide services such as 24/7 managed threat detection and response, asset management, and endpoint breach prevention.

They have more specialist expertise in the field, providing them with greater insight into where a business might be most vulnerable. This lets them target specific high-risk areas of the company rather than delivering a simple blanket solution that could leave the business open to data breaches.

A multi-vendor approach will provide both robust IT services and secure cyber protection.