Vendor Vulnerability study shows that companies are opening up to cybersecurity breaches due to their increasing dependence on third-party vendors with access to IT systems. The research conducted by Bomgar found that a whopping 64% of organizations are likely to experience a serious information breach this year as a result of vendor activity.
The study which focuses on European and American businesses explores the control, visibility, and management that these companies have over external vendors accessing their IT systems. It also shows how aware companies are of their potential risks such as data breaches and cyberattacks that external parties accessing their networks can pose. Last but not least, the report highlights the control measures companies have put in place to protect themselves and external vendors from these issues.
81% of companies polled said that high profile data breaches have made them more aware of the importance of implementing external vendor controls. However, 65% of these do not know the exact number of vendors accessing their IT systems. Three quarters (75%) of respondents admitted that the number of external vendors used by companies has increased and 71% think the figures will continue to rise.
The study revealed a low level of vendor access to IT networks but a high level of trust in third-party vendors. Surprisingly, only 34% of respondents knew the number of log-ins made by vendors to their systems, and 69% believed that they had possibly experienced a security breach from vendor access.
Interestingly, companies understand the risk but among those surveyed were aware that the threats posed were due to ineffective management of vendor access. Of those polled:
• Only 22% were confident that they were fully protected from external vendor breaches while 56% thought that the threat posed by vendor access was not taken seriously.
• Two-thirds believe their company concentrates more on costs than security when it comes to outsourcing IT services.
• Almost half take a “none or full” approach to vendor access, instead of providing small levels of access for different vendors.