Significant gaps in third-party user access management practices are exposing organizations to cyber security risks

Published: Thursday, 28 November 2019 09:15

One Identity has released new global research revealing that many organizations fall short of effectively managing access for third-party users, exposing them to significant vulnerabilities, breaches and other security risks.

Based on a Dimensional Research-conducted survey of more than 1,000 IT security professionals, the research evaluates organizations’ approaches to identity and access management (IAM) and privileged access management (PAM), including how they apply to third-party users – from vendors and partners, to contractors and seasonal workers.

Among the survey’s most noteworthy findings are that while 94 percent of organizations grant third-party users access to their network, 61 percent admit they are unsure if those users attempted to or successfully accessed files or data they are not authorised to access.

One Identity’s survey reveals that many organizations are not implementing strong user governance and access practices, leaving them vulnerable to cyber compromise.

Additional key findings from the report include:

Third-party user access to the corporate network is ubiquitous, but what information those users access is worryingly unclear at many organizations:

Ineffective third-party user lifecycle management practices are widespread, which puts organizations at increased risk.

Organizations predominantly lack confidence that third party users follow security best practices and policies — and probably trust them too much:

Retail is the most at-risk industry when it comes to third party access:

More details.