Third-party relationships have expanded exponentially as companies seek outsourced services and software to perform optimally and backfill talent amid the ongoing pandemic. That expansion has broadened attack surfaces as weaker vendors are targeted by black hats to quietly surveil and paralyze systems.
According to a new survey from CRA Business Intelligence, security teams trying to track the practices of third parties have painfully limited visibility. The survey, conducted in late 2021 with more than 300 IT and cybersecurity decision-makers who work with third parties, sheds light on how well organizations understand and manage risks associated with their external partnerships.
Among the study’s key findings:
- 60% experienced a security incident in the past two years due to a third-party partner with access privileges
- 45% of those third-party security incidents led to more than $100,000 in damages
- 76% of IT leaders rated managing third-party risk as a high or critical priority at their organizations, which has increased since the onset of the pandemic that created business disruptions