This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

If you have comments on this blog posting, please email me .

The Opinion Blog is organised by threads, so each post is identified by a thread number ("Major" index) and a post number ("Minor" index). If you want to view the index of blogs, click here to download it as an Excel spreadsheet.

Click here to see the whole Opinion Blog.

To view, save, share or refer to a particular blog post, use the link in that post (below/right, where it says "Show only this post").

The Perils Of Using Online Service Providers.

Posted on 21st December 2021

Show only this post
Show all posts in this thread (Cybersecurity).

A recent ransomware attack on Kronos (reported on here by the BBC) highlights the risks of using online services for business critical functions.

Kronos provide cloud-based services for workforce management and human capital management, which includes payroll services.

Due to the attack, a number of large businesses, including Sainsbury's (a large UK supermarket chain), were unable to process their payroll.

Large corporations like to outsource, including to online service providers like Kronos and Kaseya (read about the Kayeya incident here), because there are cost advantages. The downside, however, is the increased risk of loss of service. A large online or cloud-based service provider is a larger and more interesting target for hackers; why spend time and effort attacking one company, when you can with the same effort attack a service provider and impact many companies? This is why there are so many of these kinds of attack at the moment; almost all attacks target either service providers, providers of software used by many organisations or large multi-site organisations like healthcare provides and government agencies.

There are, of course, contingency measures that one can take to protect against an attack on one's service providers, although they all have a cost. For example have a fallback service provider, to whom you send the same data, whether payroll, print or backup service data. When one's primary provider is hacked, you will be ready to go with an alternative.