Every company must purchase services and goods from another company at some point. This can include hiring outside legal counsel, marketing professionals, and even janitorial services. When the time comes to hire a third party vendor, it’s important to choose wisely. Why? Every business has a responsibility to protect its data, and part of protecting sensitive data involves conducting due diligence on third party vendors.
This has become increasingly important over the last several years since research has shown that third party data breaches account for a significant portion of all breaches. In fact, 56% of companies surveyed by Ponemon were affected by a third party data breach in 2017, which is a 7% increase over 2016. Third party data breaches aren’t just occurring more frequently, they are also driving up the average cost of a data breach. In 2015, it was reported that third party involvement in a data breach increases the average price per compromised record by $16.
Based on these statistics, it’s clear that something must be done about third party data breaches. But first, it’s important to understand what is causing this specific type of breach. What’s behind the steady increase in third party data breaches? Here are some of the possible explanations:
Shift in Hackers’ Strategy
Hackers are committed to illegally gaining access to sensitive data, but they typically do not want to spend a lot of time obtaining entry. If hackers know that it will be difficult to enter a company’s network, they may attempt to target third parties associated with the company instead. Hackers know that certain third parties store much of the same data that is on the target company’s network, so hacking a vulnerable third party instead of the target company’s network is an easier way to accomplish their goal. As larger companies invest more in cybersecurity, an increasing number of hackers may shift to this strategy.
Increase in Outsourced Work and Access to Data
A growing number of businesses are finding that it is in their best interests to hire third parties to take on certain tasks instead of handling them internally. Most third parties that are hired will have access to some–if not all–of a company’s data. The trend of hiring third parties is not going away anytime soon, either. It is predicted that businesses will continue to hire third parties to handle tasks that are unrelated to their company’s core competencies. Based on this prediction, it’s not hard to see why 40% of IT experts believe that third party access to company data will continue to grow over the next several years.
Failing to Keep An Updated Inventory of Data
It is imperative to keep track of which third parties have access to your sensitive data, but unfortunately, many companies fail to manage their data. Fifty-seven percent of companies surveyed by Ponemon admitted that they do not have an inventory of all the third parties that have access to their sensitive data. These respondents also revealed that they failed to research their third party partners’ data security practices prior to doing business with them. These companies have no clue where their data is and how it is being protected. If you aren’t sure where your data is located or how it’s being protected, it’s likely that you will be affected by a data breach.
Lack of Third Party Risk Management
The topic of third party risk management teams was also discussed in the Ponemon survey. The results showed that although the board members of most companies understand the risks involved with working with a third party, the vast majority of them believe they do not have the resources to ensure their data is safe with a third party. Sixty percent of companies that responded to the survey said that they are unprepared or incapable of verifying that their third party partners are actually protecting their company’s data. Companies can easily avoid this problem by establishing a team that is mainly responsible for managing third party risk.
Not Seen As A Top Priority
Numerous studies have shown that third party data breaches are on the rise, but many companies are still not given this issue the attention that it deserves. A survey conducted last year revealed that only 2% of IT experts consider third party access a top priority. These respondents stated that they do not prioritize third party access when developing or allocating the budget to company-wide cybersecurty initiatives. Therefore, it’s possible that third party data breaches are on the rise because IT professionals simply do not believe it is necessary to invest time or money in this area.
The results of this survey also seem to indicate that many IT professionals are in denial about the possibility that their company could be affected by a third party data breach. About 80% of the respondents said they expect their competitors to be affected by this type of breach in the future, but only 62% of respondents believe their company is at risk. It’s important for IT professionals to understand that every business is at risk of being involved in a third party data breach. If they don’t understand how crucial it is to protect against these breaches, no one within the organization will either.
If you’re in need of an e-waste recycler, there’s no third party vendor that is more reliable than ERI. At ERI, we take the destruction of your data seriously, which is why we offer both software based and physical destruction of your electronic data. We also provide a live video feed of the data destruction so clients can watch us work to ensure we are delivering on our promises. For more information on recycling electronics, or to request a quote from ERI, contact us today.