More than 50 percent of organizations reported a third-party data breach in 2022, and more than 70 percent found third-party breaches or cyberattacks in 2022 resulted from giving too much privileged access to third parties. This is according to a recent survey of 632 people involved in managing third-party data and cyber risk for their organizations.
The resulting report, “The State of Cybersecurity and Third-Party Remote Access Risk,” reveals that many organizations are “not treating those external parties as the security risk they are.”
The report’s authors note that while organizations have improved cybersecurity efforts over the years, “we’re also seeing a bigger reliance on third parties and remote work — both of which can introduce new cyber risks.”
Of those that SecureLink and the Ponemon Institute surveyed in April 2022 for the report, only 13 percent were in the education sector. However, more than half said managing third-party security is overwhelming and a drain on internal resources.
Click the banner to access customized security content when you register as an Insider.
Get Visibility and Limit Access
The report also notes that while it is “not difficult to restrict access,” dealing with a third-party cyberattack would be more difficult and time-consuming.
One reason for these third-party breaches could be that 48 percent of organizations “don’t have a comprehensive inventory of all third parties with access to their network,” the authors note.
The report also reveals that in 2022, “only 36 percent of respondents have visibility into the level of access and permissions both internal and external users have, and only 45 percent have identified the third parties that have access to the most sensitive data.”
The report’s authors conclude that this “might be why 49 percent of these organizations have experienced third-party attacks in the past 12 months compared to just 44 percent from the prior 12 months.” The authors caution that this number “will only increase if organizations continue to rely on manual infrastructure when cyberattacks are advancing every day.”
WATCH NOW: Keep students and their data safe with these cybersecurity measures.