HomeCII/OTInconsistent security strategies drive third-party threats

Inconsistent security strategies drive third-party threats

Published on

spot_img

A recent report released by Imprivata and the Ponemon Institute revealed that 47% of organizations have fallen victim to a data breach or cyberattack in the past year, all of which involved a third party accessing their network. This alarming statistic sheds light on the ongoing issue of third-party security incidents persisting in today’s digital landscape.

The survey, which gathered responses from nearly 2,000 IT security practitioners worldwide, highlighted a worrying trend. Despite increased awareness of the risks associated with third-party access, 64% of respondents anticipate that these types of data breaches will either increase or remain at high levels in the next 12-24 months. This indicates that the problem is not going away anytime soon.

One of the key challenges organizations face in addressing third-party risk is the inconsistency and immaturity of their security strategies. Almost half of the organizations surveyed (48%) admitted that third-party remote access has become the most common attack surface, further emphasizing the urgent need for enhanced security measures in this area.

The report also delved into the financial implications of third-party security incidents, with organizations estimating an average cost of $88,000 per incident to restore access to third-party and privileged internal users. These costs include expenses related to detecting, responding to, and recovering from a breach, underscoring the significant financial impact of such incidents.

Joel Burleson-Davis, SVP of Worldwide Engineering, Cyber, at Imprivata, expressed concern over the lack of progress in implementing robust third-party risk management strategies. He emphasized the importance of organizations not becoming complacent in the face of evolving cyber threats, as cybercriminals continue to exploit vulnerabilities in the third-party vendor ecosystem.

The repercussions of third-party security incidents can be severe, with the loss or theft of sensitive information, regulatory fines, and severed relationships with vendors being among the most common consequences cited by affected organizations. While there has been a slight improvement in providing appropriate access levels to third parties, businesses still have room for growth in strengthening their overall security strategies.

One of the major challenges organizations face in addressing the third-party threat is the lack of visibility into how vendors are accessing their network. A significant portion of respondents (35%) admitted to being unsure of how the cyberattacks they experienced were carried out, highlighting the need for improved oversight and monitoring in this area.

Insufficient resources and budget constraints were identified as top barriers to reducing third-party risk, with 41% of organizations citing this as a major challenge. The amount of time and resources spent by IT and security teams on analyzing and investigating the security of third-party access further underscores the strain that managing third-party permissions can place on internal resources.

Overall, the report emphasizes the urgent need for organizations to address the issue of privileged access, particularly concerning third parties. Access security for both internal users and third parties must be made more efficient and effective to mitigate the risks associated with third-party access. With 58% of organizations admitting to having an inconsistent or non-existent security strategy in place, there is a clear opportunity for improvement in this critical area of cybersecurity.

Source link

Latest articles

UK Cyber Attacks Increase by 34% as Ransomware Leadership Changes, According to Check Point Research

In June 2026, organizations in the United Kingdom faced an alarming average of 1,589...

1Password Integrates with Claude AI for Enhanced Secure Authentication

1Password Integrates with Anthropic's Claude AI: Enhancing Secure Authentication In a significant advancement in digital...

Critical WordPress Core Vulnerability Enables Remote Code Execution by Anonymous Hackers

Major Security Flaw Discovered in WordPress Core—"wp2shell" A newly unveiled pre-authentication remote code execution (RCE)...

Q&A: Cyber Returns to the CSIDES

In the vibrant seaside town of Weston-super-Mare, CSIDES is set to return for its...

More like this

UK Cyber Attacks Increase by 34% as Ransomware Leadership Changes, According to Check Point Research

In June 2026, organizations in the United Kingdom faced an alarming average of 1,589...

1Password Integrates with Claude AI for Enhanced Secure Authentication

1Password Integrates with Anthropic's Claude AI: Enhancing Secure Authentication In a significant advancement in digital...

Critical WordPress Core Vulnerability Enables Remote Code Execution by Anonymous Hackers

Major Security Flaw Discovered in WordPress Core—"wp2shell" A newly unveiled pre-authentication remote code execution (RCE)...