June 10, 2020//Rion WalkerLast Updated: June 14, 2022
It shouldn’t be surprising to you that third-party access is risky. And don’t just take my word for it; according to the Ponemon Institute, 61 % of breaches are caused by a third party, and 44% of organizations who suffered a breach by a third party have described it as “business altering.” And these companies don’t just have one or two vendors accessing their networks, in fact, the average organization has 25 unique vendor or third-party entities accessing privileged data or systems and spends a total of 5,000 hours managing access and investigating his incidents.
If the numbers aren’t scary enough, check out the results: 12-36 critical downtime events happen per year on vendor managed systems at an average cost to an organization of $1.5 million; not to mention regulatory or unquantifiable reputational risk. In other words, this doesn’t necessarily talk about the things we can’t put a price to: the lost business for a data breach and the fact that customers and consumers lose trust. Therefore, it’s no surprise, based research, that a majority of organizations rate the level of risk from third-party access to privileged systems or data, as either “high” or “extremely high.”
So, why are organizations failing to secure and prevent breaches, keep vendor systems up and running, and efficiently manage vendor or third party access? Below are common reasons and some recommendations.
The just-in-time economy has accelerated the complexity of businesses and both the operations and infrastructure required to support them, leaving them more vulnerable than ever against an expanding attack surface. Most organizations know they aren’t managing third party access well. But knowing the risks and focusing on solving the problem is the first step. Third parties have unique needs, unique risks, and therefore require a unique solution focused on the problem. Find a product that is dedicated to vendor privileged access management that allows organizations to identify, control, and audit third-party access in a secure and compliant way. To learn more about why most organizations struggle with securing third-party remote access, view our webinar that focuses on the most common vulnerabilities and weaknesses in the most common third-party remote access tools organizations are trying to use for vendor access.