Third-party vendors are a security risk, study says

Third-party vendors could be a huge security risk for companies, a new study by secure access solutions company Bomgar says. In order to minimise the risk, third-party vendors' access to IT systems must be monitored and managed correctly.

According to the study, 81 per cent of businesses said recent breaches raised awareness of the need for better third-party vendor access control. To make things worse, just 35 per cent know exactly how many vendors are accessing their network.

The study reveals that the average number of third-party vendors accessing a company's IT system is 89, with the number likely to grow in the future.

“Third-party vendors play a vital and growing role in supporting organisations’ systems, applications, and devices. However, they also represent a complex network that many organisations are struggling to appraise and manage correctly,” said Matt Dircks, CEO of Bomgar.

“It’s clear from the research that there’s a high level of trust in third-party vendors, but very little visibility or control over what they’re doing when connected to the company’s network. This combination of dependence, trust, and lack of control has created the ‘perfect storm’ for security breaches across companies of all sizes. If a hacker can compromise and pose as a legitimate vendor, they may have unfettered access to networks for weeks or even months; plenty of time to steal sensitive data or shut down critical systems.”

However, businesses are mostly aware of the possible risks:

  • Fifty-six per cent believe security risks are taken too lightly;
  • Forty-four per cent have 'all or nothing' access, not allowing for levels of access;
  • Just above half (51 per cent) enforce policies around third-party access;
  • Sixty-four per cent state businesses focus more on cost than security; and
  • Seventy-two per cent believe vendors using subcontractors will only add to the problem.