51% of Organizations Have Suffered Data Breaches Caused by Third-Party Remote Access
Researchers Highlighted That the Majority of Organizations View Third-Party Remote Access as a Security Threat, but Not a Priority.
Researchers from SecureLink and the Ponemon Institute recently released the “A Crisis in Third-Party Remote Access Security” report. Their analysis details the discrepancy between organizations’ perceived third-party access threat and their deployed security measures.
The survey was conducted by the Ponemon Institute on behalf of SecureLink and includes responses from 627 individuals based in North America, who are involved in their organization’s approach to managing remote third-party data risks.
The report states that:
- 44% of organizations experienced a breach within the last 12 months;
- 51% of organizations experienced a data breach caused by third parties with remote access;
- 74% said the breach resulted from giving too much privileged access to third parties;
- 54% of respondents say their organizations are not assessing the security and privacy practices of all third parties before granting them access;
- 61% of respondents say their third-party management program does not define or rank levels of risk;
- 63% say their organization doesn’t have visibility into the level of access and permissions for both internal and external users.
According to the researchers, sophisticated hackers don’t stop at social media accounts, but are targeting large-scale organizations. What’s more, instead of attacking just one organization at a time, they’ve developed the more methodical “hack one, breach many” approach that starts with a common denominator between multiple organizations and enterprises – a third-party vendor.
Third parties offer specialty services to their customers (enterprises or organizations) that require remote access into an organization’s network in order to fulfill the responsibility for which they are hired. Oftentimes, these third-party companies service multiple customers, providing much needed support for specific functions that require network access.
In short, when threat actors see a third-party company, they see more than just one target – they see several, dozens, or even hundreds at which they can aim.
This approach explains the infamous SolarWinds supply chain hack. The attackers injected malware into some routine software updates, as these were being rolled out to as many as 18,000 government entities and Fortune 500 companies, all clients of SolarWinds.
The report points out that “many organizations view third-party remote access as a security threat, but not a priority.” They are not taking the necessary steps to reduce third-party remote access risk, and, as a result, they expose their networks to security risks.
An organization’s attack surface is growing just as quickly as its third-party ecosystem, and organizations must acknowledge this ever-changing threat landscape.
A concerning 59% of respondents gave their organizations a low rating for effectiveness in mitigating third-party remote access risks. Therefore, researchers believe it’s highly important that organizations adopt new ways of handling third-party remote access and the risk associated with it.
By implementing a third-party security solution, organizations can start prioritizing best practices such as complete network visibility, identification of third parties, zero-trust network access policies, and regular assessment of compliant security practices, all of which secure the various stages of the third-party lifecycle, mitigate exposure, and increase organizational resilience.