The latest enterprise risk management news from around the world

Research looks at how third-party workers contribute to enterprise risk

Talon Cyber Security has published its 2022 Third-Party Risk Report, unveiling an analysis of the ways that third-party workers increase security risks that leave organizations vulnerable to data breaches.

For the research, Talon surveyed 258 third-party workers, including contractors and freelancers, to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.

“It is well documented that third-party workers can increase risk,” said Ohad Bobrov, co-founder and CTO, Talon Cyber Security. “Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so we took a step back with this research to better understand the potential root causes. The findings paint a picture of a third-party work landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.”

Third parties and contractors often access corporate data from personal devices

Most third parties (89 percent) work from personal, unmanaged devices, which organizations lack visibility into and cannot enforce the enterprise’s security posture on.

With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used the device they work from to:

  • Browse the internet for personal needs (76 percent)
  • Carry out online shopping (71 percent)
  • Check personal email (75 percent)
  • Save weak passwords in the web browser (61 percent)
  • Play games (53 percent)
  • Allow family members to browse (36 percent)
  • Share passwords with co-workers (24 percent).

Legacy security approaches impact productivity

Analyzing the technologies that third parties use to access corporate applications and data, virtual desktop infrastructure (VDI) and desktop-as-a-service (DaaS) solutions are prominent, with 45 percent of respondents using such technologies while working for organizations.

Despite widespread adoption, VDI and DaaS can create environments that are complex, expensive, and deliver poor user experiences, says the report. In fact, nearly half of respondents (48 percent) said IT and security tools impact their productivity in some way – a trend that industry leaders should monitor to ensure the technologies they deploy do not prevent workers from conducting their job responsibilities.

More details



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.