Third-party security is again in the news with a new report that spotlights significant gaps in third-party user access management practices. The report from One Identity this week shows that online scammers are not the only concern for retailers. Based on a survey of over 1,000 IT professionals, retailers feel most at risk compared with other organizations, from unsecured third-party access:
- Nearly three in 10 (28%) retail organizations admit third-party users have successfully accessed or attempted to access files or data that they were not authorized to access.
- One in four (25%) respondents from retail organizations say they give all or most of their third-party users privileged access. By comparison, the same holds true for 18% of technology organizations, just 10% of healthcare organizations and only 10% of manufacturing organizations.
Elad Shapira, Head of Research at Panorays, commented:
“This new research indicating that 25 percent of companies are not confident that their third-party users are following the rules for managing access is unfortunate, but not surprising. Even as we regularly hear reports about disastrous third-party data breaches, some organizations unfortunately have not taken all the necessary steps to prevent them. These steps include thoroughly assessing the security posture of third parties, which should include determining the policies in place to limit access to data. In addition, assessments should include remediating any cyber gaps and continuously monitoring the third parties to uncover any new issues.”