Page 88 - Cyber Defense eMagazine for June 2021
Not only are third parties becoming an increasingly popular attack vector, but a new study produced
by SecureLink and the Ponemon Institute shows an alarming disconnect between the threat organizations
perceive from third-party access and the security measures they employ.
In surveying 627 security professionals, this latest study, “A Crisis in Third-Party Remote Access
Security,” found that within the past 12 months, 44% of organizations have experienced a breach, with
74% saying that it was the result of giving too much privileged access to third parties. What’s more, 51%
say their organizations are not assessing the security and privacy practices of all third parties before
granting them access to sensitive and confidential information.
The solution, thankfully, is simply to start putting resources behind vetting third parties and implementing
security measures that go beyond just inherent trust. Here are three starting points for assessing and
shoring up your own third-party access security.
Prioritizing Network Transparency
Before implementing any changes or added measures, the first step is to assess your exposure and take
inventory of your current vendor access. Of those surveyed in the report, only 46% say that they have
a comprehensive inventory of third parties with permitted network access. Shockingly, nearly two-thirds
(63%) say they don’t have any visibility into vendor access and their network permissions.
An initial inventory of vendor access can make the transition to a third-party vendor management system
much more straightforward, which can significantly mitigate the risk of a third-party breach. A platform
designed to manage vendor access not only offers the ability to easily see who has access and how
much, but also can log who accessed your systems, when they did it, and what they did. As they say,
knowing is half the battle.
Zero Trust Network Access
Not only is an accurate inventory of access difficult for a majority of those surveyed, but 60% say that
they are unable to provide the appropriate amount of access to their vendors. More often than not, most
err on the side of giving vendors too much access, and then trusting that their vendor doesn’t suffer a
breach of their own. With third-party breaches on the rise, trusting your vendors to limit breaches into
your own systems just isn’t enough anymore.
Adopting a third-party vendor management platform, however, makes it possible to implement a
much more secure Zero Trust Network Access model. Inherent trust in a vendor is replaced with
multi-factor verification and privileged access management. Any time a vendor needs access to your systems,
they must verify who they are and, once verified, they have access only to exactly what they need. Trust can
be abused; verification cannot.
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.