In just the past few weeks, news of data breaches via third-party vendors are occurring everywhere from voter databases to hospitals to hotels and restaurants shows the growing significance of a problem that few seem to be able to correct.
Even some of the world’s largest brands are routine victims. Just last week, it was reported that a security analysis showed that millions of Verizon customer records were being held in data storage by a third-party vendor that failed to secure them. Once notified, Verizon acted within days to secure the sensitive customer information, but the story again highlights the importance of vendor and third-party security.
Our recent global research, the 2017 Secure Access Threat Report, revealed some eye-opening statistics about the widespread nature of the challenge companies face, and their need to enable security solutions to help them protect against the third-party threat vector.
In the US, 79 percent of respondents said the number of vendors and third parties they rely on as a business is likely to grow in the next two years, while 74 percent reported their organization “probably trusts third party vendors too much.”
Overall, the report found 81 percent of companies have seen an increase in third party vendors in the past two years, and yet 55 percent of companies rely on a single employee to manage third-party access rights.
The ways companies provide access to these external partners is problematic. In total, 1 in 5 companies are providing three or more access routes for vendors (including company standard login and password, VPN, etc.). And, IT’s efforts to clamp down on vendor access to provide greater security for their organization by instituting a “zero-trust” policy is looking increasingly less likely, as businesses must enable access to these vendors in the course of business operations. Despite rising skepticism of third-party vendor security practices, 30 percent of respondents in the Secure Access Threat Report said they lack incident response process to report and manage third-party vendor data breaches. For more details, download the full report for more insight.
The vulnerability of third-party and vendor access points is expected to be a focus at Black Hat 2017, one of the world’s largest trade shows for IT security professionals. The event includes a diverse mix of trainings, briefings on best practices and new security products and solutions to help organizations secure their most critical systems and data. If you’re attending, find Bomgar at booth #471 to pick up some exclusive swag and see a demo of our secure access solutions. Be sure to follow us on Twitter at @Bomgar for more updates from the show!
Sam Elliott, SVP, Products
Sam Elliott is the Senior Vice President of Products at BeyondTrust, where he oversees the company’s solution portfolio. Leading with an identity security first approach, he drives product innovation and integration strategies across the broader security ecosystem. A technology veteran of over 18 years, Elliott’s focus is in privileged access management, remote access security, and SaaS strategies. He has helped build successful, cloud-first, startups and held product leadership roles across core technology industries, including Cyber Security, IT Asset Management, and IT Service Management. Elliott earned his Bachelor of Science from Florida State University.