181 Third-Party Vendors Access the Average Company’s Network Each Week

On average, 181 vendors are granted access to a company’s network in a given week, a recent Bomgar survey of 608 IT professionals found.

Eighty-one percent of respondents said they’ve seen an increase in third-party vendors over the last two years, and 67 percent have already experienced a data breach that was either definitely (35 percent) or possibly (34 percent) linked to a third-party vendor.

Two-thirds of respondents said they trust third-party vendors too much.

Just 34 percent are totally confident they can track vendor logins, and just 37 percent are confident they can track the number of vendors accessing their systems.

Managing Access

“Security professionals must balance the business needs of those accessing their systems — whether insiders or third parties — with security,” Bomgar CEO Matt Dircks said in a statement.

“As the vendor ecosystem grows, the function of managing privileged access for vendors will need to be better managed through technology and processes that provide visibility into who is accessing company networks, and when, without slowing down business processes,” Dircks added.

Companies face similar issues with insiders. While 90 percent of respondents trust employees with privileged access most of the time, just 41 percent trust those insiders completely.

Only 37 percent of respondents have complete visibility into which employees have privileged access, and fully 33 percent of respondents said former employees could still have access to their corporate network.

“It only takes one employee to leave an organization vulnerable,” Dircks said. “With the continuation of high-profile data breaches, many of which were caused by compromised privileged access and credentials, it’s crucial that organizations control, manage and monitor privileged access to their networks to mitigate that risk.”

Mixing Work and Play

A separate kCura survey of 1,013 U.S. office-based employees found that 55 percent of respondents believe using a work device for personal communications doesn’t present a threat to their companies.

“Complete bans on the personal use of work devices would be difficult — if not impossible — to implement, and could be harmful to employee morale,” kCura e-discovery counsel David Horrigan said in a statement. “However, companies do need to implement reasonable policies to mitigate risk.”

Sixty-three percent of employees don’t believe their companies have policies on email retention or checking personal email and other accounts at work — or if they do, they don’t know about them. Fifty-six percent say the same about social media policies.

And while 98 percent of employees surveyed said privacy is important to them, 47 percent have sent personal emails and 45 percent have used the Internet for personal purposes on a personal device connected to company Wi-Fi — and 38 percent have used work email to send personal communications.

Jeff Goldman
Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.

Top Products

Top Cybersecurity Companies

Cybersecurity is the hottest area of IT spending. That's why so many vendors have entered this lucrative $100 billion+ market. But who are the...

Top CASB Security Vendors for 2021

Any cloud-based infrastructure needs a robust cloud access security broker (CASB) solution to ensure data and application security and integrity. After carefully surveying the...

Top Endpoint Detection & Response (EDR) Solutions for 2021

Endpoint security is a cornerstone of IT security, so our team put considerable research and analysis into this list of top endpoint detection and...

Top Next-Generation Firewall (NGFW) Vendors

Cybersecurity is getting more complicated, and so are security products. NGFWs are no exception, and IoT devices and the work-from-home craze that began in...

Related articles