Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • Insider and Third-Party Access Found to Be Growing Risks for IT Organizations Worldwide current page
Link copied

Insider and Third-Party Access Found to Be Growing Risks for IT Organizations Worldwide

May 9, 2017
Author:
Hspicer
Helen Spicer
VP, Marketing EMEIA & APJ
Blog banner default
Insider and Third-Party Access Found to Be Growing Risks for IT Organizations Worldwide
Hspicer
Helen Spicer
VP, Marketing EMEIA & APJ

Today, Bomgar released the 2017 Secure Access Threat Report, new research that revealed insider and third party access to be growing threats for organizations around the world. The survey of more than 600 IT and security professionals explores the visibility, control, and management that IT organizations in the U.S. and Europe have over employees, contractors, and third-party vendors with privileged access to their IT networks.

The respondents outlined two primary—yet very distinct—threats:

  • Insiders, defined as employees or people acting as an employee for the business (i.e., freelancers or on-premises contractors).
  • Third-parties, defined as external vendors or suppliers granted access to business systems.

For the majority of companies, suffering an information security breach is no longer a question of if, but when. Despite being aware of the threats, most organizations still allow a myriad of internal and external parties to access their most valuable systems and data, placing a lot of trust in employees and third-party vendors. Unfortunately, they also lack a robust system for managing, controlling, and monitoring the privileged access that these individuals, teams and organizations have.

The Threat from Within

The report revealed that 90 percent of security professionals trust employees with privileged access most of the time, but only 41 percent trust these insiders completely. Despite placing a lot of trust in employees by granting them privileged access, security professionals are paradoxically aware of the numerous risks that these individuals pose to the business. While most were not primarily worried about breaches of malicious intent, they were concerned that a breach was possible due to employees unintentionally mishandling sensitive data, or that employee’s administrative access or privileged credentials could easily be phished by cyber criminals. Yet, businesses are still falling behind with only 37 percent of respondents having complete visibility into which employees have privileged access, and 33 percent believing former employees could still have corporate network access.

Another key finding from the report is that security solutions are hindering productivity. As a rule, employees want to be efficient at work and, when faced with security measures that appear to hinder productivity, immediately institute shortcuts without considering the risks. To address this, organizations must implement a security solution that can be seamlessly integrated into the applications and processes that employees already use.



Vendor Vulnerability

External suppliers continue to be an integral part of how most organizations do business, with an average of 181 vendors accessing a company’s network every week. This is more than double the number from 2016. Not only is this practice on the rise, so too is the prevalence of breaches that occur due to third-party access.



More than two-thirds of our respondents have already experienced a breach that was “definitely” (35 percent) or “possibly” (34 percent) linked to a third-party vendor. While many security professionals admit that they afford external groups too much trust, action has not followed this recognition. Processes to control and manage privileged access for vendors remain lax, as evidenced by only 34 percent of respondents expressing total confidence that they can track vendor log-ins. A slightly higher percentage (37 percent) believe they can track the number of vendors accessing their internal systems.


Considering these factors, we were surprised to discover that more than half of organizations rely on just one employee to manage third-party access rights. If so few businesses have a handle on how many third-parties have access to their network and what those vendors are doing with that access, then having a single person managing it all is not a sustainable situation and represents serious risk. As the vendor ecosystem grows, companies must change their approach and employ a privileged access management solution that provides visibility into who is accessing the network—and when—without impeding business processes.

So how can organizations mitigate these risks and better protect the access to their most critical systems? Look no further than Bomgar Privileged Access. Our solutions enable security professionals to control, monitor, and manage access to critical systems by authorized employees, contractors, and third-party vendors. Bomgar’s unique, VPN-free approach allows companies to quickly gain control of privileged access to both traditional and web-based systems to protect against cyberattacks and meet compliance requirements without hindering productivity.

Want more details? Download a free copy of the report, and register for the webinar later this month!

Latest Posts
  • Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Jun 12, 2026 Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Blog
    7m
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Jun 9, 2026 Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Blog
    6m
  • Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Jun 8, 2026 Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Blog
    5m
  • The Most Common & Most Dangerous Types of Shadow IT
    Jun 5, 2026 The Most Common & Most Dangerous Types of Shadow IT
    Blog
    19m
  • 14 Password Management Best Practices
    May 28, 2026 14 Password Management Best Practices
    Blog
    12m
Related
  • Recent Study Spotlights Remote Workforce Challenges & Cybersecurity Needs for the ‘Next Normal’
    Jan 12, 2021 Recent Study Spotlights Remote Workforce Challenges & Cybersecurity Needs for the ‘Next Normal’
    Blog
    1m
  • Lessons learned from 25 years of the Web
    Oct 20, 2017 Lessons learned from 25 years of the Web
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.