Despite the increasing number of security threats connected to supplier and contractor access, only two percent of IT experts consider third-party secure access a top priority.
Soha Systems conducted research on 200+ IT and security C-level executives, directors and managers at enterprise-level companies to understand the importance and role that third-party access plays in the enterprise.
Four key insights were revealed, one being that third-party access is not an IT priority, but it is a major source of data breaches. While it is not viewed as a priority, 75 percent of respondents said it requires them to touch numerous network and application hardware and software components.
Mark Carrizosa, chief information security officer and VP of security at Soha Systems said, “The survey shows enterprises have vastly underestimated the resources required to deal with such breaches, even as their need to provide secure third-party access continues to grow.”
Respondents (62 percent) mostly feel their organisations are safe from third-party data breaches, but 79 percent can't say the same for their competitors. Over half (56 percent) have strong concerns about their ability to control and/or secure their own third-party access.
Most respondents felt that providing third-party access was a complex and tedious process. IT needs to touch five to 14 network and application hardware and software components to provide third-party access. More than half (55 percent) of those polled said providing third-party access to new supply-chain partners or others was a complicated IT project, with 40 percent who described the process as tedious or painful and 48 percent described it as an ongoing annoyance.
Over half (53 percent) of IT pros take data breaches personally as they felt it would reflect poorly on their job performance, but they aren't worried about losing their jobs. Only eight percent thought they would lose their job if a data breach occurred on their watch.
“For business reasons, organisations are increasingly providing third parties with access to their IT infrastructure, but IT and security leaders really need to help their business leaders understand the risks of third-party access and take steps to help manage these risks to an acceptable level,” said Derek Brink, VP and research fellow at Aberdeen Group.