In just the past few weeks, news of data breaches via third-party vendors are occurring everywhere from voter databases to hospitals to hotels and restaurants shows the growing significance of a problem that few seem to be able to correct.
Even some of the world’s largest brands are routine victims. Just last week, it was reported that a security analysis showed that millions of Verizon customer records were being held in data storage by a third-party vendor that failed to secure them. Once notified, Verizon acted within days to secure the sensitive customer information, but the story again highlights the importance of vendor and third-party security.
Our recent global research, the 2017 Secure Access Threat Report, revealed some eye-opening statistics about the widespread nature of the challenge companies face, and their need to enable security solutions to help them protect against the third-party threat vector.
In the US, 79 percent of respondents said the number of vendors and third parties they rely on as a business is likely to grow in the next two years, while 74 percent reported their organization “probably trusts third party vendors too much.”
Overall, the report found 81 percent of companies have seen an increase in third party vendors in the past two years, and yet 55 percent of companies rely on a single employee to manage third-party access rights.
The ways companies provide access to these external partners is problematic. In total, 1 in 5 companies are providing three or more access routes for vendors (including company standard login and password, VPN, etc.). And, IT’s efforts to clamp down on vendor access to provide greater security for their organization by instituting a “zero-trust” policy is looking increasingly less likely, as businesses must enable access to these vendors in the course of business operations. Despite rising skepticism of third-party vendor security practices, 30 percent of respondents in the Secure Access Threat Report said they lack incident response process to report and manage third-party vendor data breaches. For more details, download the full report for more insight.
The vulnerability of third-party and vendor access points is expected to be a focus at Black Hat 2017, one of the world’s largest trade shows for IT security professionals. The event includes a diverse mix of trainings, briefings on best practices and new security products and solutions to help organizations secure their most critical systems and data. If you’re attending, find Bomgar at booth #471 to pick up some exclusive swag and see a demo of our secure access solutions. Be sure to follow us on Twitter at @Bomgar for more updates from the show!
Sam Elliott, Director of Security Product Management
At Bomgar, Sam is responsible for the product management group that is driving product strategy for Bomgar’s security products. He has more than a decade of information security, ITSM, and IT operations management experience. He also is a seasoned expert in the areas of cyber-security, data center discovery, systems configuration management, and ITSM. Sam has a Bachelor of Science from Florida State University and is certified in ITIL v3 and Pragmatic Marketing. He resides in Atlanta, GA with his family and can be found on twitter @samelliott.