Not only are third-parties becoming an increasingly popular attack vector, but in a new study produced
            by SecureLink and the Ponemon Institute, there’s an alarming disconnect between an organization’s
            perceived threat to third-party access and the security measures it employs.

            In  surveying  627  security  professionals,  this  latest  study,  “A  Crisis  in  Third-Party  Remote  Access
            Security,” found that within the past 12 months, 44% of organizations have experienced a breach with
            74% saying that it was the result of giving too much privileged access to third parties. What’s more, 51%
            say their organizations are not assessing the security and privacy practices of all third-parties before
            granting them access to sensitive and confidential information.

            The solution, thankfully, is simply to start putting resources behind vetting third-parties and implementing
            security measures that go beyond just inherent trust. Here are three starting points for assessing and
            shoring up your own third-party access security.


            Prioritizing Network Transparency

            Before implementing any changes or added measures, the first step is to assess your exposure and take
            inventory of your current vendor access. Of those surveyed in the report, only 46% say that they have
            comprehensive inventory of third parties with permitted network access. Shockingly, nearly two-thirds
            (63%) say they don’t have any visibility into vendor access and their network permissions.

            An initial inventory of vendor access can make the transition to a third-party vendor management system
            much more straightforward, which can significantly mitigate the risk of a third-party breach. A platform
            designed to manage vendor access not only offers the ability to easily see who has access and how
            much, but also can log who accessed your systems, when they did it, and what they did. As they say,
            knowing is half the battle.


            Zero Trust Network Access

            Not only is an accurate inventory of access difficult for a majority of those surveyed, but 60% say that
            they are unable to provide the appropriate amount of access to their vendors. More often than not, most
            err on the side of giving vendors too much access, and then trusting that their vendor doesn’t suffer a
            breach of their own. With third-party breaches on the rise, trusting your vendors to limit breaches into
            your own systems just isn’t enough anymore.

            Implementing a third-party vendor management platform, however, allows for the implementation of a
            much more secure Zero Trust Network Access model. Inherent trust in a vendor is replaced with multi-
            factor verification and privileged access management. Any time a vendor needs access to your systems,
            they must verify who they are, and once verified, only have access to exactly what they need. Trust can
            be abused; verification cannot.










            Cyber Defense eMagazine – June 2021 Edition                                                                                                                                                                                                88
            Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.