Reports find high security risks among policies for third-party vendors
"Two recent reports highlight the security and privacy threats posed by third-party vendors. The reports examine companies' procedures for handling third-party vendor permissions and the ability of companies to track these vendors' activities.
One of the reports, which surveyed IT and security professionals in the US, UK, Germany and France, found that more than two-thirds (69%) of organisations surveyed said they may have been breached in the last year as a result of vendor access. The Vendor Vulnerability report, conducted by the remote desktop company Bomgar, found that companies have, on average, 89 vendors accessing their network every week.
Many organisations do not possess reliable information about the vendors accessing their internal systems. According to the survey, just 35% of the decision makers surveyed were ‘very confident’ that they knew how many vendors have access to their systems. A similar percentage of the participants (34%) expressed confidence in the number of log-ins that vendors possess.
The survey also found a high percentage of companies that provide nearly full access to their third-party vendors. According to the study, 44% of the professionals said their companies do not employ gradations of permission settings for vendors and instead use an ‘on/off approach’ to access.”
• Over a third of UK IT professionals haven't received any training in three years
• Lack of career progression pushes IT workers to shop around for jobs
• Firms can't escape yoke of new data protection rules even if UK leaves Europe
• No. 1 thing IT departments can learn from the Panama Papers hack
• Apple wins the battle for enterprise hearts and minds
• IT departments suffer from reverse skills gap
• Forecast decline in global IT spending will force CIOs to get smart with budgets
• Reports find high security risks among policies for third-party vendors
• Bring on the DevOps, say IT support managers
• And finally…Man destroys web hosting business with careless five-character Bash command