AUSTIN, Texas, May 04, 2021 (GLOBE NEWSWIRE) — SecureLink, a leader in third-party remote access, and Ponemon Institute today released a new report titled “A Crisis in Third-party Remote Access Security”, revealing the alarming disconnect between an organization’s perceived third-party access threat and the security measures it employees.
Findings revealed that organizations are not taking the necessary steps to reduce third-party remote access risk, and are exposing their networks to security and non-compliance risks. As a result, 44% of organizations have experienced a breach within the last 12 months, with 74% saying it was the result of giving too much privileged access to third-parties.
“The findings in this report showcase the lack of security, management, and accountability that’s needed to adequately secure third-party remote access, which is very worrying,” commented Joe Devine, CEO of SecureLink. “While recent high profile breaches have done a good job of highlighting the serious risks of unsecure vendor relationships, there is still a lot of work to be done to shift organizations’ mindset when it comes to protecting not only their data, but their customer and partner data too.”
While many businesses continue to outsource critical business processes to third-parties, over half of respondents (51%) say their organizations are not assessing the security and privacy practices of all third-parties before granting them access to sensitive and confidential information. The report highlighted that while many organizations view third-party remote access as a security threat, it is not a priority — even despite the increasing volume and sophistication of cyberattacks happening around them.
“Providing remote access to third parties without implementing the appropriate security safeguards is almost guaranteeing a security incident and a data breach involving sensitive and confidential information,” said Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute. “It is important that organizations assess the security and privacy practices of the third parties that have access to their networks and ensure that they have just enough access to perform their designated responsibilities and nothing more.”
The report aims to emphasize the risk at each stage of the typical lifecycle organizations go through when engaging with a third party. Key findings include:
“Organizations need to stop taking a fingers crossed approach to third-party security. The truth is, if you don’t have the right protocols and tools in place, a data breach is likely inevitable,” added Devine. “Define who is responsible in the business and start by prioritizing network transparency, enforcing least privileged or zero trust network access, and constantly evaluating existing third-party security practices to ensure you meet the evolving threat.”
The study was conducted by Ponemon Institute on behalf of SecureLink and includes responses from 627 individuals who are involved in their organization’s approach to managing remote third-party data risks. Respondents are based in North America, spanning six industries, including financial services, health and pharma, public sector, services, and industrial and manufacturing.
Headquartered in Austin, Texas, SecureLink is the leader in third-party security, providing secure third-party remote access for both highly regulated enterprise organizations and technology vendors. SecureLink solves and secures the greatest point of risk in the third-party lifecycle for more than 30,000 organizations worldwide, providing companies across multiple industries, including healthcare, manufacturing, government, legal, and gaming, with secure remote access with identity management, access controls, audit, and compliance assurance.
Codeword for SecureLink