New research by Bomgar has revealed that a large percentage of companies are suffering from a lack of control, visibility and management over external parties accessing their systems.
The Vendor Vulnerability survey discovered that an average of 89 third-party vendors access a typical company’s network each week, with this number expected to grow. Similarly, 75% of organizations said the number of third-parties they work with has increased over the last two years.
Despite this, the study of European organizations found only 34% of companies know how many log-ins their third-party vendors have, with more than three quarters (69%) admitting they had either definitely or possibly suffered a security breach as a result of vendor access within the last year.
“Third-party vendors play a vital and growing role in supporting organizations’ systems, applications, and devices. However, they also represent a knotty network that many organizations are struggling to appraise and manage correctly,” said Matt Dircks, CEO of Bomgar.
Whilst Bomgar’s research suggests companies are aware of the possible risks surrounding vendor access – 56% felt this issue is currently not being taken seriously enough and just 22% had confidence that their business is fully protected from third-party vendor breaches – half of those polled do not enforce policies to deal with the threat.
Sian John, EMEA Chief Strategist at Symantec, told Infosecurity that supply chain risks pose a serious threat to companies – especially large businesses – explaining that it is now extremely important that organizations implement up-to-date strategies that assess the security infrastructure of the third-parties they share data with.
John argued that whilst companies cannot tell third-party vendors exactly what sort of security they should be using, they can give them a minimum standard of what they expect them to be running, citing the use of anti-malware as an example.
“You need to take the privacy of the people that work for you seriously, and that means putting the right security in place,” she said.
“There’s clearly a gap in many organizations’ ability to limit their exposure to cyber-attacks that stem from hackers piggy backing on third-party vendor access,” Dircks added. “Without the ability to granularly control access and establish an audit trail of who is doing what on your network, you cannot protect yourself from third-party vulnerabilities.”