The Third-party Access and Compromise study reveals figures that should raise eyebrows and set security alarms ringing before disaster strikes.

Third-party user access to the corporate network is ubiquitous, but what information those users access is worryingly unclear at many organizations. 

  • 94% percent of respondents say that third parties have access to their network while 74% give third-parties privileged (administrative or superuser) access.
  • Only 21% know for certain their third-party users are not attempting to access or are successfully accessing unauthorized information. 
  • 13% report third parties have attempted to or successfully accessed unauthorized information; more than three in five (66%) don’t know for certain if this has happened.

Ineffective third-party user lifecycle management practices are widespread, which puts organizations at increased risk. 

  • Only 22% of organizations immediately deprovision (or revoke access for) third-party users when the work they do for the company ceases.
  • One-third (32%) of organizations take more than 24 hours to deprovision third-party users or do not have a consistent deprovisioning process.

Organizations predominantly lack confidence that third-party users follow security best practices and policies—and likely trust them too much. 

  • Only 13% are very confident that their third parties’ follow access management rules, such as not sharing accounts and ensuring password strength.
  • One in five (19%) suspect third parties do not follow the rules or know for certain they do not. 
  • However, 38% of respondents trust third-party users the same amount or more than they do their own employees to follow their organizations’ security policies.

Respondents varied in their trust levels  

  • Among all respondents, employees were consistently the most trusted group to adhere to organization security policies. For the Asia/Oceania region, employees in Singapore were the most trusted (62%) to do so, followed by those in Hong Kong (57%). Australia/New Zealand employees ranked 6th (50%) among the seven groups, just before France (49%).
  • In France, third parties (18%) were more trusted than in any of the other respondents. This was followed by Australia/NZ third parties (12%). In Singapore, only 5% of respondents trusted third parties, and this was 8% in Hong Kong.
  • In Singapore, while 92% of organizations grant third-party users access to their network, 60% admit they are unsure if those users attempted to or successfully accessed files or data they are not authorized to access, hinting towards a huge security lapse.

Globally, retail is the most at-risk industry when it comes to third-party access.