Cyberattacks on companies are growing year after year in all industries. Cyberattacks that involve third parties likewise increased. From the viewpoint of a cyber attacker, it is more sensible to attack a vendor like a managed service provider, since the attack is successful. The threat actor can obtain access to the systems of the firm’s clients. In 2022, vendors employed by healthcare providers had a number of big cyberattacks, one of which affected 650 HIPAA-covered entity customers of the firm.
SecureLink provides access management services to companies. It lately looked into how companies are handling the risk related to giving vendors privileged access to their networks and has determined areas where the risks aren’t being efficiently managed, although work is being done to enhance cybersecurity.
For SecureLink’s latest report, The State of Cybersecurity and Third-Party Remote Access Risk, the organization surveyed 600 U.S. organizations throughout a variety of industries, which include healthcare, to understand more about their cybersecurity guidelines and how they’re dealing with third-party risk.
55% of healthcare companies that replied to the survey stated they had encountered a third-party data breach within the last 12 months, which was the 2nd biggest percent of all industry sectors, defeated only by the financial industry where 58% of firms had suffered a third-party data breach. The two of these industry segments depend greatly on third parties, and those third parties gain access to sensitive information that is of great worth to cyber criminals.
65% of healthcare providers mentioned they didn’t think that their IT systems are putting first third-party safety and access, and throughout all industries, 50% of organizations stated managing third-party safety is difficult and depletion on internal assets.
Companies had funds of $365 million for IT in 2021. $78.5 million of that is invested in cybersecurity, which is about 21.5% of the IT finances. Yet in spite of the investment in cybersecurity, 54% of businesses encountered a data breach in the last 12 months. 52% of survey respondents mentioned there was a growth in cyberattacks in comparison to the last year, and the number of third-party attacks grew from 44% to 49%.
The survey affirmed that businesses are beginning to understand how to secure their systems and data; nevertheless, the number of cyberattacks and the complexity of those attacks are escalating. The outcome is minimal progress has been made, with a lot of companies having difficulties improving their cybersecurity as quickly as other facets of their operations.
The SecureLink survey reveals businesses are unable to treat third-party vendors in relation to the security risk they present. For instance, in 2022, just 49% of companies had an extensive inventory of all third parties that got access to their network. This is an enhancement from the 42% in 2021, yet just a bit. There is a higher percentage increase in businesses that have discovered all third parties that have access to their most sensitive information, increasing from 35% in 2021 to 45% in 2021, however, the figure remains worryingly low.
One of the major concerns that companies face is the difficulty of their third-party relationships, which was mentioned as a problem by 48% of survey participants. Included in that is tracking is frequently a manual process, which isn’t an excellent usage of internal assets that are actually stretched. The survey revealed merely 36% of businesses have computerized the process of checking third parties. With a lack of tracking and automation, it isn’t unexpected that 47% of respondents stated they aren’t very successful at discovering third-party threats.
The greatest challenge organizations face is having the personnel to take care of third-party identities and cyber risk. Having more simple systems and automated processes, access is more workable and less troublesome for employees. Automation and performance are important factors in a profitable cybersecurity tactic. Utilizing security technology to simplify operations produces efficiency, which consequently, will be a lot more useful in mitigating threats and having the talent to handle cybersecurity.