Talon Cyber Security has published its 2022 Third-Party Risk Report, unveiling an analysis of the ways that third-party workers increase security risks that leave organizations vulnerable to data breaches.
For the research, Talon surveyed 258 third-party workers, including contractors and freelancers, to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.
“It is well documented that third-party workers can increase risk,” said Ohad Bobrov, co-founder and CTO, Talon Cyber Security. “Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so we took a step back with this research to better understand the potential root causes. The findings paint a picture of a third-party work landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.”
Third parties and contractors often access corporate data from personal devices
Most third parties (89 percent) work from personal, unmanaged devices, which organizations lack visibility into and cannot enforce the enterprise’s security posture on.
With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used the device they work from to:
- Browse the internet for personal needs (76 percent)
- Carry out online shopping (71 percent)
- Check personal email (75 percent)
- Save weak passwords in the web browser (61 percent)
- Play games (53 percent)
- Allow family members to browse (36 percent)
- Share passwords with co-workers (24 percent).
Legacy security approaches impact productivity
Analyzing the technologies that third parties use to access corporate applications and data, virtual desktop infrastructure (VDI) and desktop-as-a-service (DaaS) solutions are prominent, with 45 percent of respondents using such technologies while working for organizations.
Despite widespread adoption, VDI and DaaS can create environments that are complex, expensive, and deliver poor user experiences, says the report. In fact, nearly half of respondents (48 percent) said IT and security tools impact their productivity in some way – a trend that industry leaders should monitor to ensure the technologies they deploy do not prevent workers from conducting their job responsibilities.