Trusting vendors and suppliers is a core part of an organization’s ability to do business. On average, a company shares sensitive data with 583 third parties as part of core business activities. However, only 34% of these companies keep a complete record of the organizations with whom they share this data.
Exposure of sensitive internal data is not the only risk associated with vendor relationships. In 94% of companies, third-party vendors or suppliers have authorized access to the organization’s network. In 72% of cases, this access includes administrator-level privileges on internal systems.
Achieving visibility into these third-party relationships is essential to accurately evaluating an organization’s cyber risk. Even if a third-party vendor can itself be trusted with access to an organization’s network and systems, that access could let a cybercriminal use the partner’s network as an entry point into the company network. This was the case in the Target breach: cybercriminals took advantage of the network access given to the company’s HVAC provider and used it to infiltrate Target’s network.