Plenty of companies work with third-party suppliers, but not everyone fully comprehends how doing so significantly impacts a company’s cyber risk.
As we are inundated with news reports about massive third-party data breaches, it’s important to understand why they keep happening, and why third-party security management is so crucial to businesses. Here are seven eye-opening facts to be aware of:
While we have yet to find out the total number of breaches in 2018, we already know that the number of records compromised during the first half of this year increased by 133 percent over the same period in 2017. Gemalto reports figures that are absolutely staggering: During the first six months of this year, more than 25 million records were compromised or exposed every day, or 291 records every second.
Even though the absolute cost of data breaches is lower for SMBs compared to large companies, the rate of increase is significantly higher, and is quickly reaching an unbearable percentage of revenues. According to Kaspersky, the average enterprise pays $1.23 million per incident, up 24% from 2017. Meanwhile, SMBs spend about $120K per incident, amounting to an increase of 36% from last year.
A recent report by Carbon Black indicates that island hopping, a technique in which attackers use third-party providers to find a path into the actual target, was used in half of all incidents it investigated in 2017.
You read that right: They think they’ve been breached, but they’re not always completely sure. According to Bomgar, 66% of security professionals think that it’s possible or definite that they suffered a breach through third-party access.
In the past year, three-quarters of organizations have increased the number of vendors accessing IT systems (Bomgar). As a result, keeping track of the information shared with third parties and monitoring their security posture is virtually impossible using existing tools, such as manual data collection and reviews. The consequence is that organizations are becoming more susceptible to third-party breaches.
In small to medium enterprises with 200–499 employees, over a quarter have the same number of third-party vendors logging into their network in a typical week as they have employees (Bomgar). In large enterprises of 5,000+ employees, around one in eight don’t know how many vendors are logging into their network in a typical week.
This fact is according to a 2018 report from PwC, and it might explain at least part of the problem: A shocking number of organizations are not doing all that should be done to prevent third-party data breaches.