As a rule of thumb, it’s smart to protect your business data with the same integrity that you would protect your own. However, what happens when the locked doors and state of the art alarm systems are not enough? With data being shared at rapid speeds and across so many channels, organizations rely on third-party vendors and consultants as part of normal business operations.
However, these relationships may be overlooked or lack proper security protocols, leaving a back door wide open for hackers.
Third-party vendors are often beneficial to both a budding or well-established organization: they are necessary to support systems, applications and devices. However, many organizations fail to manage third-party user-access effectively. A recent study by Bomgar revealed just 35 percent of companies are confident they know the exact number of third-party vendors accessing their system, but 69 percent believe that they possibly suffered a breach in the past year resulting from third-party access.
Additionally, only 34 percent of companies know the number of log-ins to their network attributed to third party vendors. The concern lies in the fact that companies are well-aware of risk and many protect their systems and data in every way they’ve been told to, but many organizations don’t know who is accessing their data and why at a given point in time.
Bomgar’s Stuart Facey describes the struggle to secure third-party access in an article in Information Age. In the article, “A fence, a guard dog, a patrolling drone – but have you left the backdoor open?,” Stuart illustrates the risk of unrestricted or unmonitored access, and highlights the importance of establishing an audit trail to safeguard data:
When you hire a gardener, you allow them to access the garden and certain areas of your home. You certainly wouldn’t expect to find them in areas of your house which they don’t need to carry out their job…It’s important to have visibility of which vendors are logging in and where. Without the ability to granularly control access and establish an audit trail of who is doing what on their network, companies cannot protect themselves from third-party vulnerability.
Facey also discusses the need for organizations to keep up with the changing security landscape and how the “tenacity and intelligence” of cyber criminals is only increasing with time. He notes that though securing access points and employing strategies to better manage insider and vendor access, organizations are able to reap the benefits of utilizing third parties in a connected world (and shut the back door).
Check out the full article and share with us what safeguards your organization has in place to prevent third-party breach!