Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Insider and Third-Party Access Found to Be Growing Risks for IT Organizations Worldwide

May 9, 2017

  • Blog
  • Archive

Today, Bomgar released the 2017 Secure Access Threat Report, new research that revealed insider and third party access to be growing threats for organizations around the world. The survey of more than 600 IT and security professionals explores the visibility, control, and management that IT organizations in the U.S. and Europe have over employees, contractors, and third-party vendors with privileged access to their IT networks.

The respondents outlined two primary—yet very distinct—threats:

  • Insiders, defined as employees or people acting as an employee for the business (i.e., freelancers or on-premises contractors).
  • Third-parties, defined as external vendors or suppliers granted access to business systems.

For the majority of companies, suffering an information security breach is no longer a question of if, but when. Despite being aware of the threats, most organizations still allow a myriad of internal and external parties to access their most valuable systems and data, placing a lot of trust in employees and third-party vendors. Unfortunately, they also lack a robust system for managing, controlling, and monitoring the privileged access that these individuals, teams and organizations have.

The Threat from Within

The report revealed that 90 percent of security professionals trust employees with privileged access most of the time, but only 41 percent trust these insiders completely. Despite placing a lot of trust in employees by granting them privileged access, security professionals are paradoxically aware of the numerous risks that these individuals pose to the business. While most were not primarily worried about breaches of malicious intent, they were concerned that a breach was possible due to employees unintentionally mishandling sensitive data, or that employee’s administrative access or privileged credentials could easily be phished by cyber criminals. Yet, businesses are still falling behind with only 37 percent of respondents having complete visibility into which employees have privileged access, and 33 percent believing former employees could still have corporate network access.

Another key finding from the report is that security solutions are hindering productivity. As a rule, employees want to be efficient at work and, when faced with security measures that appear to hinder productivity, immediately institute shortcuts without considering the risks. To address this, organizations must implement a security solution that can be seamlessly integrated into the applications and processes that employees already use.



Vendor Vulnerability

External suppliers continue to be an integral part of how most organizations do business, with an average of 181 vendors accessing a company’s network every week. This is more than double the number from 2016. Not only is this practice on the rise, so too is the prevalence of breaches that occur due to third-party access.



More than two-thirds of our respondents have already experienced a breach that was “definitely” (35 percent) or “possibly” (34 percent) linked to a third-party vendor. While many security professionals admit that they afford external groups too much trust, action has not followed this recognition. Processes to control and manage privileged access for vendors remain lax, as evidenced by only 34 percent of respondents expressing total confidence that they can track vendor log-ins. A slightly higher percentage (37 percent) believe they can track the number of vendors accessing their internal systems.


Considering these factors, we were surprised to discover that more than half of organizations rely on just one employee to manage third-party access rights. If so few businesses have a handle on how many third-parties have access to their network and what those vendors are doing with that access, then having a single person managing it all is not a sustainable situation and represents serious risk. As the vendor ecosystem grows, companies must change their approach and employ a privileged access management solution that provides visibility into who is accessing the network—and when—without impeding business processes.

So how can organizations mitigate these risks and better protect the access to their most critical systems? Look no further than Bomgar Privileged Access. Our solutions enable security professionals to control, monitor, and manage access to critical systems by authorized employees, contractors, and third-party vendors. Bomgar’s unique, VPN-free approach allows companies to quickly gain control of privileged access to both traditional and web-based systems to protect against cyberattacks and meet compliance requirements without hindering productivity.

Want more details? Download a free copy of the report, and register for the webinar later this month!

Helen Spicer

Director of Marketing, EMEA

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.