Talon Cyber Security, a company dealing in secure enterprise browser technology, recently published its 2022 Third-Party Risk Report, unveiling an analysis of the ways that third-party workers increase security risks that leave organizations vulnerable to data breaches.
For the research, Talon surveyed 258 third-party workers, including contractors and freelancers, to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.
“It is well documented that third-party workers can increase risk,” said Ohad Bobrov, co-founder and CTO, Talon Cyber Security. “Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so we took a step back with this research to better understand the potential root causes. The findings paint a picture of a third-party work landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.”
Third parties and contractors often access corporate data from personal devices
Most third parties (89%) work from personal, unmanaged devices, which organizations lack visibility into and cannot enforce the enterprise’s security posture on. This is a concerning figure, due to the fact that Microsoft estimates users are 71% more likely to be infected on an unmanaged device.
Risky behaviors from third parties leave organizations vulnerable
With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used the device they work from to:
* Browse the internet for personal needs (76%)
* Indulge in online shopping (71%)
* Check personal email (75%)
* Save weak passwords in the web browser (61%)
* Play games (53%)
* Allow family members to browse (36%)
* Share passwords with co-workers (24%)
Legacy security approaches impact productivity
Analyzing the technologies that third parties use to access corporate applications and data, Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) solutions are prominent, with 45% of respondents using such technologies while working for organizations.
Despite widespread adoption, VDI and DaaS can create environments that are complex, expensive, and deliver poor user experiences. In fact, nearly half of respondents (48%) said IT and security tools impact their productivity in some way – a trend that industry leaders should monitor to ensure the technologies they deploy do not prevent workers from conducting their job responsibilities.