insider threat

It doesn’t matter how many times you tell employees not to share passwords. A new study suggests many people are still going to do it.

The 2018 Privileged Access Threat Report, recently published by Bomgar, a leader in identity and access management solutions for privileged users. The study is global, taking a look at employees, independent contractors, and third-party vendors, specifically at the way they handle security.

Brass tack: 50% of the organizations contacted for the study had suffered a breach due to third-party vendor error or some other “insider threat.”

This year’s report found that external threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organization’s own network. In fact, 50% of organizations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats–up from 42% in 2017. Additionally, 66% of organizations claimed that they could have experienced a breach due to third-party access in the last 12 months, and 62% due to insider credentials.

The study also found that 73% of the companies rely on third-party vendors too heavily, and 72% have cultures that are too trusting of partners.

In an age where data breaches have become the third certainty in life, and have immense financial and reputational implications for businesses, these organizations have far too much faith towards those that operate within their network.

Read the whole report here.