On average, 181 vendors are granted access to a company’s network in a given week, a recent Bomgar survey of 608 IT professionals found.
Eighty-one percent of respondents said they’ve seen an increase in third-party vendors over the last two years, and 67 percent have already experienced a data breach that was either definitely (35 percent) or possibly (34 percent) linked to a third-party vendor.
Two-thirds of respondents said they trust third-party vendors too much.
Just 34 percent are totally confident they can track vendor logins, and just 37 percent are confident they can track the number of vendors accessing their systems.
“Security professionals must balance the business needs of those accessing their systems — whether insiders or third parties — with security,” Bomgar CEO Matt Dircks said in a statement.
“As the vendor ecosystem grows, the function of managing privileged access for vendors will need to be better managed through technology and processes that provide visibility into who is accessing company networks, and when, without slowing down business processes,” Dircks added.
Companies face similar issues with insiders. While 90 percent of respondents trust employees with privileged access most of the time, just 41 percent trust those insiders completely.
Only 37 percent of respondents have complete visibility into which employees have privileged access, and fully 33 percent of respondents said former employees could still have access to their corporate network.
“It only takes one employee to leave an organization vulnerable,” Dircks said. “With the continuation of high-profile data breaches, many of which were caused by compromised privileged access and credentials, it’s crucial that organizations control, manage and monitor privileged access to their networks to mitigate that risk.”
Mixing Work and Play
A separate kCura survey of 1,013 U.S. office-based employees found that 55 percent of respondents believe using a work device for personal communications doesn’t present a threat to their companies.
“Complete bans on the personal use of work devices would be difficult — if not impossible — to implement, and could be harmful to employee morale,” kCura e-discovery counsel David Horrigan said in a statement. “However, companies do need to implement reasonable policies to mitigate risk.”
Sixty-three percent of employees don’t believe their companies have policies on email retention or checking personal email and other accounts at work — or if they do, they don’t know about them. Fifty-six percent say the same about social media policies.
And while 98 percent of employees surveyed said privacy is important to them, 47 percent have sent personal emails and 45 percent have used the Internet for personal purposes on a personal device connected to company Wi-Fi — and 38 percent have used work email to send personal communications.