Today, Bomgar released the Secure Access Threat Report for 2017, which highlights that third-party and insider access are increasing security threats against companies and their IT systems. The worldwide survey studies the control, visibility, and management, which IT companies in Europe and in the United State have over workers, vendors, and contractors with increased and special entry to their IT systems.
The respondents of report highlighted two main and distinct threats, respectively employees and vendors. Insiders are employees and people, who are acting as employees for the organisation including on-premise contractors and freelancers.
The report shows that almost all security staff trust their teams with special access. However, 41% trust their teams entirely. The organisations also were worrying that cyber criminals could easily phish the special access granted to employees and the special credentials.
At work, employees aim to be responsible and productive, which means they’re not acting in bad faith, but rather ignore security protocols to accelerate productivity. This drives the requirement for entry gateways, which priorities usability and productivity, without sacrificing increased security.
Matt Dircks, CEO of Bomgar, says that one single employee can make a company exposed. With continued complex data infringements, most of which resulted from special access, it’s essential for a company to manage, control, and monitor special access to their systems to reduce and mitigate any risks.
The report highlights that data breaches caused by third-parties are extensive. External suppliers are an integral component of how companies do business. During one single week about 181 vendors can access an organisation’s network. Considering how many vendors have access to a business’ systems, 67% of the organisations have faced a data infringement (35%) or possibly experienced a data breach (34%) connected to a vendor. Businesses aren’t controlling or managing the vendors’ special access.
Security staff must balance the needs of both insiders and third-parties who access the network and internal systems. With the growth of vendor ecosystems, businesses must better manage special access through processes and technology.