Inconsistent security strategies drive third-party threats

A recent report released by Imprivata and the Ponemon Institute revealed that 47% of organizations fell victim in the past year to a data breach or cyberattack that involved a third party accessing their network. This statistic shows that third-party security incidents remain a persistent problem.

The survey, which gathered responses from nearly 2,000 IT security practitioners worldwide, highlighted a worrying trend. Despite increased awareness of the risks associated with third-party access, 64% of respondents anticipate that these types of data breaches will either increase or remain at high levels in the next 12-24 months. This indicates that the problem is not going away anytime soon.

One of the key challenges organizations face in addressing third-party risk is the inconsistency and immaturity of their security strategies. Almost half of the organizations surveyed (48%) admitted that third-party remote access has become the most common attack surface, further emphasizing the urgent need for enhanced security measures in this area.

The report also delved into the financial implications of third-party security incidents, with organizations estimating an average cost of $88,000 per incident to restore access to third-party and privileged internal users. These costs include expenses related to detecting, responding to, and recovering from a breach, underscoring the significant financial impact of such incidents.

Joel Burleson-Davis, SVP of Worldwide Engineering, Cyber, at Imprivata, expressed concern over the lack of progress in implementing robust third-party risk management strategies. He emphasized the importance of organizations not becoming complacent in the face of evolving cyber threats, as cybercriminals continue to exploit vulnerabilities in the third-party vendor ecosystem.

The repercussions of third-party security incidents can be severe, with the loss or theft of sensitive information, regulatory fines, and severed relationships with vendors being among the most common consequences cited by affected organizations. While there has been a slight improvement in providing appropriate access levels to third parties, businesses still have room for growth in strengthening their overall security strategies.

One of the major challenges organizations face in addressing the third-party threat is the lack of visibility into how vendors are accessing their network. A significant portion of respondents (35%) admitted to being unsure of how the cyberattacks they experienced were carried out, highlighting the need for improved oversight and monitoring in this area.

Insufficient resources and budget constraints were identified as top barriers to reducing third-party risk, with 41% of organizations citing this as a major challenge. The amount of time and resources spent by IT and security teams on analyzing and investigating the security of third-party access further underscores the strain that managing third-party permissions can place on internal resources.

Overall, the report emphasizes the urgent need for organizations to address the issue of privileged access, particularly concerning third parties. Access security for both internal users and third parties must be made more efficient and effective to mitigate the risks associated with third-party access. With 58% of organizations admitting to having an inconsistent or non-existent security strategy in place, there is a clear opportunity for improvement in this critical area of cybersecurity.
