Second-annual report by SecureLink and Ponemon Institute notes that the financial impact of cyberattacks averaged $9M
Austin, TX — July 20, 2022 — SecureLink, a leader in critical access management, and Ponemon Institute today released a new report titled “Treading Water: The State of Cybersecurity and Third-Party Remote Access Risk,” which reveals that organizations have made no significant progress in mitigating cyberattacks and have, in fact, experienced an increase in third-party attacks over the past year.
The report highlights that while the pandemic-accelerated adoption of cloud-enabled solutions and remote access have transformed industries, organizations’ security strategies lag behind these new technologies. Almost 60% of organizations have made changes to their cybersecurity structure in response to an increasing volume of cyber threats. Despite this, 49% of these organizations have experienced third-party attacks in the past 12 months compared to just 44% in the prior 12 months.
“The larger trend of moving to SaaS and cloud technologies means more organizations rely on third parties for core business practices, which in turn opens them up to greater cyberattacks,” commented Joel Burleson-Davis, SecureLink’s Chief Technology Officer. “What this report makes very clear is that third-party access and control is something every single company has to solve. And while no single software can solve all of today’s cybersecurity problems, upfront investment in trusted solutions that secure all access points and integrate with existing technology, will always pay off—especially when the cost of cyberattacks is so high.”
One of the biggest barriers to meaningful cybersecurity reform is the growing complexity of security strategies, with 67% of organizations reporting that the complexity of a system is a primary consideration when determining how they can improve their cybersecurity infrastructure. Limited budgets and labor shortages, which have made it difficult to hire and train expert personnel, are also preventing organizations from making improvements to their security strategies.
“In a constantly evolving third-party threat landscape, organizations need to be proactive and innovative in their approach to preventing cyberattacks and data breaches,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Limited cybersecurity budgets and not having the desired level of in-house expertise require organizations to invest wisely in those practices that address gaps in their third-party remote access security practices. Most importantly, these include having a comprehensive inventory of all third parties with access to their networks and defining and ranking the levels of risk to sensitive information.”
The report outlines specific challenges organizations are grappling with as they attempt to respond to a clear uptick in cyberattacks and new vulnerabilities brought on by digital transformation. Key findings include:
The report recommends that organizations adapt to today’s changing security environment by reducing the complexity of their cybersecurity infrastructure, improving internal governance, and enhancing oversight practices. Further insight from highly effective organizations demonstrates that assigning individuals to manage third-party risk, comprehensive documentation of network access, and ensuring security compliance are all essential for strong cybersecurity preparedness.
The study was conducted by Ponemon Institute on behalf of SecureLink and includes responses from 632 IT and security professionals engaged in their organization’s approach to managing remote third-party data risks. Respondents are based in the United States, spanning five industries, including financial services, healthcare, education, and industrial and manufacturing.
To view the complete findings and download the "Treading Water: The State of Cybersecurity and Third-Party Remote Access Risk" report: https://www.securelink.com/research-reports/the-state-of-cybersecurity-and-third-party-remote-access-risk/.
SecureLink is the industry leader in critical access management, empowering organizations to secure access to their most valuable assets, including networks, systems, and data. By leveraging Zero Trust principles, machine learning, and artificial intelligence, SecureLink provides comprehensive security solutions to govern, control, monitor, and audit the most critical and highest risk access points. Organizations across multiple industries — including healthcare, manufacturing, government, legal, and gaming — trust SecureLink to secure all forms of critical access, from remote access for third parties to access to critical infrastructure, regulated information, IT, and OT. For more information visit: www.securelink.com.
Codeword for SecureLink