Report: third-party workers contribute to enterprise risk
Findings from survey held by Talon Cyber Security reveal a multitude of actions, devices, and security tools that leave organizations vulnerable
Cybertech
| 29/12/2022
Illustration. BIGSTOCK/Copyright: DragosCondrea
Talon Cyber Security, an Israeli developer of secure enterprise browser technology, published its 2022 Third-Party Risk Report, unveiling an analysis of the ways that third-party workers increase security risks that leave organizations vulnerable to data breaches.
The research surveyed 258 third-party workers, including contractors and freelancers, to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.
“It is well documented that third-party workers increase the risk of an organization,” said Ohad Bobrov, co-founder and CTO, Talon Cyber Security. “Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so we took a step back with this research to better understand the potential root causes.
“The findings paint a picture of a third party and contractor landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.”
Third parties (89%) often work from personal, unmanaged devices, which organizations lack visibility into and cannot enforce the enterprise’s security posture on. This is a likely contributor to the fact that third parties are often the cause of data breaches.
With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used the device they work from to:
- Browse the internet for personal needs (76%)
- Indulge in online shopping (71%)
- Check personal email (75%)
- Save weak passwords in the web browser (61%)
- Play games (53%)
- Allow family members to browse (36%)
- Share passwords with co-workers (24%)
Analyzing the technologies that third parties use to access corporate applications and data, Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) solutions are prominent, with 45% of respondents using such technologies while working for organizations.
Despite widespread adoption, VDI and DaaS can create environments that are complex, expensive, and deliver poor user experiences. In fact, nearly half of respondents (48%) said IT and security tools impact their productivity in some way – a trend that security and IT leaders should monitor to ensure the technologies they deploy do not prevent workers from conducting their job responsibilities.
Findings from survey held by Talon Cyber Security reveal a multitude of actions, devices, and security tools that leave organizations vulnerable
Illustration. BIGSTOCK/Copyright: DragosCondrea
Talon Cyber Security, an Israeli developer of secure enterprise browser technology, published its 2022 Third-Party Risk Report, unveiling an analysis of the ways that third-party workers increase security risks that leave organizations vulnerable to data breaches.
The research surveyed 258 third-party workers, including contractors and freelancers, to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.
“It is well documented that third-party workers increase the risk of an organization,” said Ohad Bobrov, co-founder and CTO, Talon Cyber Security. “Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so we took a step back with this research to better understand the potential root causes.
“The findings paint a picture of a third party and contractor landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.”
Third parties (89%) often work from personal, unmanaged devices, which organizations lack visibility into and cannot enforce the enterprise’s security posture on. This is a likely contributor to the fact that third parties are often the cause of data breaches.
With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used the device they work from to:
- Browse the internet for personal needs (76%)
- Indulge in online shopping (71%)
- Check personal email (75%)
- Save weak passwords in the web browser (61%)
- Play games (53%)
- Allow family members to browse (36%)
- Share passwords with co-workers (24%)
Analyzing the technologies that third parties use to access corporate applications and data, Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) solutions are prominent, with 45% of respondents using such technologies while working for organizations.
Despite widespread adoption, VDI and DaaS can create environments that are complex, expensive, and deliver poor user experiences. In fact, nearly half of respondents (48%) said IT and security tools impact their productivity in some way – a trend that security and IT leaders should monitor to ensure the technologies they deploy do not prevent workers from conducting their job responsibilities.
