Cyberattacks on firms are growing year over year throughout all industry segments. Cyberattacks involving third parties also increased. From the perspective of a cyber threat actor, it is more practical to attack a vendor for instance a managed service provider, because the attack is profitable. The threat actor could acquire access to the networks of the company’s clients. In 2022, vendors used by healthcare companies have had a few major cyberattacks, one of which impacted 650 HIPAA-covered entity clients of the company.
SecureLink offers access management solutions to companies. It lately investigated how organizations are handling the risk connected with giving vendors privileged access to their systems and has determined areas where the risks aren’t being successfully managed, though efforts are being taken to boost cybersecurity.
For SecureLink’s most recent report, The State of Cybersecurity and Third-Party Remote Access Risk, the firm surveyed 600 U.S. firms in an array of industries, such as healthcare, to find out more about their cybersecurity practices and how they are dealing with third-party risk.
55% of healthcare companies that answered the survey mentioned they had suffered a third-party data breach over the previous 12 months, which was the second greatest percent of all industry sectors, outdone only by the financial market where 58% of organizations had encountered a third-party data breach. Each of these industries counts seriously on third parties, and those third parties get access to sensitive information that is of substantial benefit to cybercriminals.
65% of healthcare providers stated they didn’t feel that their IT systems are prioritizing third-party security and access, and through all industry segments, 50% of firms mentioned managing third-party protection is complicated and a strain on internal resources.
Businesses had a fund of $365 million for IT in 2021. $78.5 million of which is expended on cybersecurity, which is approximately 21.5% of the IT finances. Yet regardless of the investment in cybersecurity, 54% of companies suffered a data breach over the past 12 months. 52% of survey respondents stated there was a rise in cyberattacks in contrast to the prior year, and the number of third-party attacks rose from 44% to 49%.
The survey established that businesses are starting to understand how to safeguard their systems and data; nonetheless, the number of cyberattacks and the difficulty of those attacks are escalating. The effect is tiny development has been made, with several companies striving to enhance their cybersecurity as rapidly as other areas of their operations.
The SecureLink survey shows businesses are failing to treat third-party vendors in accordance with the security risk they create. For instance, in 2022, just 49% of companies had a thorough inventory of all third parties that acquired access to their systems. This is a development from the 42% in 2021, however just a little. There is a greater percentage increase in businesses that have discovered all third parties having access to their most sensitive records, growing from 35% in 2021 to 45% in 2021, yet the figure stays worryingly low.
One of the principal issues that companies face is the sophistication of their third-party relationships, which was explained as a problem by 48% of survey participants. Included with that is tracking is usually a manual process, which isn’t a good usage of internal sources that are previously stretched. The survey showed merely 36% of businesses have computerized the process of tracking third parties. With the insufficiency of tracking and automation, it’s not unusual that 47% of respondents mentioned they aren’t remarkably useful at discovering third-party threats.
The major challenge companies face is having the staff members deal with third-party identities and cyber risk. Having more efficient systems and automated processes, access is more feasible and less challenging on an employee.“Automation and productivity are essential factors in a thriving cybersecurity approach. Employing security technology to streamline operations generates efficiency, which subsequently, will be far more successful in mitigating threats and getting talent to deal with cybersecurity.