For many companies, the use of third-party vendors is an afterthought. After all, every company uses them, whether it be for a payroll service or some type of marketing platform. However, just because the use of third-party partners is widespread doesn’t mean that their networks are secure.
Too many companies are being left in the dark when it comes to third-party security and only realize their mistakes once it’s too late.
Here are 4 statistics you need to know about third-party vendor security risks:
1. Vendors are accessing your network more than you think
On average, 89 vendors are accessing a company's network every week, according to a study by Bomgar. Without proper security guidelines and thorough assessments, this frequent access is an opportunity for disaster.
2. Security breaches attributed to third-party partners are increasing
According to PwC's Global State of Information Security Survey, the number of data breaches attributed to third-party vendors increased by 22% since 2015. Our best guess is that this rise in third-party security breaches is directly related to the increasing number of third-party vendors per company. Companies are taking on more partners, but are not properly assessing their third-party vendor security risks.
3. Guidelines are a must
Only 52% of companies have security standards for third parties, according to PwC. Remember, your third parties have access to confidential data, and your company is responsible for whatever happens to that data. It's important to have guidelines for both your company and your vendors to maintain a positive (and secure!) partnership.
4. Security breaches are more than just an inconvenience
In addition to the financial loss that companies experience after a security breach, companies are subject to significant reputational damage, according to PwC. It's not hard to figure out why - customers lose trust in your brand if their personal information is put at risk. Although security guidelines for third parties can be remediated, public opinion cannot - at least not very easily. Prevent damage to your organization's finances and image by identifying third-party vendor security risks before a devastating breach.
Now that you’re aware of the third-party vendor security risks, where do you go from here? Start by managing and evaluating the security posture of your vendors so that you are aware of all risks. Contact NuHarbor Security to evaluate and manage your vendors worry-free.
Paul Dusini is the Information Assurance Manager for NuHarbor Security. He has more than thirty years of experience helping organizations successfully and safely use information systems to support business goals. He is an experienced CIO and Risk Manager and is certified in security management (CISM) and risk management (CRISC).
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.