CyberArk has identified third-party vendors as the target for hackers and the weak link in enterprise IT.
In a new security brief, the company says that organisations across different verticals provide network access to third-party vendors such as services companies.
The hackers behind malicious, high-profile attacks target third-party vendors and supply chain partners to reach their primary target.
Less secure partners are easy targets for these hackers and help them to compromise remote access points, steal and exploit privileged credentials, and gain access to targeted networks.
"It's no secret that attackers target the weakest links in IT security, which are often found in accounts provisioned to third-parties for network access," said John Worrall, chief marketing officer, CyberArk. "Often, these smaller third-party organisations have less sophisticated security policies and controls than the target companies, providing an open backdoor for attackers."
Soft spot in cyber security
CyberArk notes that 60 per cent of organisations allow third-party vendors remote access to internal networks.
Established U.S. banks and credit companies average about 20,000 third-party suppliers and most leading institutions have 200-300 high-risk, third-party relationships.
In the U.S., third-party errors increase the cost of a data breach by US $43 per record and 100 per cent of advanced attacks exploit privileged credentials.
63 per cent of data breaches are caused by security vulnerabilities introduced by third parties and 58 per cent of organisations lack confidence that their third-party vendors are securing and monitoring access to their network.
"With the proper privileged account security controls in place, organisations can provide the network access required for business efficiency while maintaining consistent security across all types of accounts - internal and external," added Worrall.