Apr 21, 2022 SOURCE: BusinessWire

SecZetta Shares New Research: Lack of Diligence in Managing Third-Party Identity Risk Increases Vulnerability to Cyberattacks

SecZetta, the leading provider of third-party identity risk solutions, in partnership with ESG, an IT analyst, research, validation, and strategy firm division of TechTarget, today shared new research that demonstrates a clear misalignment between the strategies organizations currently use and what is actually required to protect them from cyberattacks due to third-party vulnerabilities.

At a time when cyberattacks are increasing in size, frequency, and impact, this research found most organizations are not taking the necessary steps to manage and monitor the lifecycle of their third-party identities, making them more vulnerable to cyber incidents. To strengthen cybersecurity programs and better manage identity lifecycles, including third-party and non-human workers, organizations need stronger third-party identity management strategies and solutions.

Key Survey Findings:

The research found 78% of organizations report it’s likely or extremely likely they have multiple identity records for a single third-party individual or organization. As a result, organizations may find themselves relying on inaccurate, outdated, or conflicting data, with third-party workers associated to projects they are no longer working on and to which they no longer have legitimate access needs. The existence of multiple active identities jeopardizes an organization’s compliance posture and increases susceptibility to security breaches.

A majority of organizations are concerned about over-permissioned and under-used identities, with 73% being highly or moderately concerned with third-party individuals, service accounts or administrators that have unnecessarily high, static, or standing permissions and authorization levels. This concern is justified given these permission-and entitlement-related threats are known to be leveraged in actual attacks and breaches. Reevaluation of access is typically triggered by a change in role, per project or on a time-based cadence.

When it comes to processes that mitigate third party individual and vendor risks, just over half (53%) of organizations are identity proofing and verifying third-party individuals and organizations before granting them access to company assets, reinforcing the need for organizations to invest in third-party identity risk solutions that provide a single identity authority prior to granting access.

But once you’re in, you’re in... an alarming 55% of respondents fail to deactivate third-party workers who no longer qualify to perform duties. Access to data and systems for this high-risk population often extends beyond project assignments or contract employment with an organization. The implications of this finding are huge since most breaches are found to be the result of compromised credentials. In many ways this equates to “leaving the doors and windows unlocked.”

Over 92% of organizations believe it is critical or very important to risk score third-party individuals and 89% believe the same for third party organizations, relying upon traditional HR processes like background screening designed to onboard new employees. These tools are ineffective at managing their growing number of third-party non-employees, which includes non-human worker identities such as bots, RPAs and IoT devices, which oftentimes can outnumber an organization's full-time employee base..

Surprisingly, only 20% of organizations plan to increase spend in the area of third parties, reinforcing the disconnect between the recognized need for improvements in their third-party identity management programs and actions to mitigate risk and reduce exposure to cyberattacks and breaches.

“The biggest security blind spot for the majority of organizations is the network of agencies, partners, suppliers, contractors and companies with whom they not only do business, but who are given access to data and systems,” said David Pignolet, founder and CEO of SecZetta. “It is an essential security best practice to apply the same level of diligence to the third-party worker population as organizations do their full-time employees. Organizations need to execute risk-based third-party identity management strategies at every stage of the worker lifecycle from proper onboarding to verification and routine auditing, to the eventual offboarding and deprovisioning of a third party’s access.”

The complexities of identity management require increased investment in the right tools and services, like third-party identity lifecycle management, to improve the operational efficiencies and reduce the cost and risk of managing the dynamic, higher-risk relationships with third-party individuals and organizations.

SecZetta will host a webinar with ESG senior analyst, Jack Poller, on April 27, 2022, at 11:00am ET to further discuss the findings. Registered attendees will receive a complimentary copy of the eBook, “Securing the Identity Perimeter with Defense,” further detailing the research findings. To register, visit https://lp.seczetta.com/securing-the-identity-perimeter-with-defense.

This quantitative web-based survey of 488 North American IT and cybersecurity professionals was conducted between December 14 and December 28, 2021. The respondents were all employed at organizations with 500 or more employees, span multiple industry verticals including manufacturing, financial services, retail and technology and are primarily focused on identity and access management programs, projects, processes, solutions/platforms, and services.

Source: ESG Research Survey, Securing the Identity Perimeter with Defense, December 2021

About SecZetta
SecZetta is the leading provider of third-party identity management solutions. Our solutions enable organizations to execute risk-based identity access and lifecycle strategies for diverse non-employee populations. Because the solution suite is purpose-built, it’s uniquely able to manage the complex relationships organizations have with non-employees in a single, easy-to-use application that simultaneously helps facilitate commercial initiatives, support regulatory compliance, and reduce third-party risk. For more information about SecZetta visit https://seczetta.com/.

View source version on businesswire.com: https://www.businesswire.com/news/home/20220421005275/en/

Related News

Azul Launches New Security Product to Fill Critical Gap in Enterprises’ Secure Software Supply Chain Strategy

SecZetta Announces $20.5 Million Series B Funding to Advance its Leadership in Third-Party Identity Lifecycle and Risk Management

SecZetta Continues Growth Trajectory with Strong FY2022

SecZetta Announces Historic Third Quarter Fueled by Record Customer Wins and New Strategic Partnerships

U.S. Manufacturers Tackle Product, Supply Chain Challenges

Toshiba Appoints Teresa Sternhagen to General Manager

Ryder Women Celebrated for Supply Chain Leadership

Demand Management Systems Drives a Healthier Supply Chain for PharmaCare Laboratories

View all News

Latest Procurements

EST0400PH2/3-2 Armoured Fighting Vehicle Facilities Program Stage 2 Market Sounding

EST0400PH2/3-2 Armoured Fighting Vehcile Facilities Program Stage 2 construction contractor market sounding.

Motion Picture Film Cleaning Machine

Motion Picture Film Cleaning Machine to clean motion picture film prior to digitisation

Rental Management Services

Rental Management Services are required primarily for invoicing, collection of rent and administration of a separate audited trust account. The responsibility for repairs and maintenance and insurance of assets is...

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

Sky-Soft Ltd. (Kft)

M-TEK

Griffon Hovercraft

View All Companies