Third-party providers, including contractors and freelancers, often put organizations at risk of malware compromise with poor cyber hygiene practices, a new study of more than 250 remote workers found.
The State of Third-Party Providers Examined
Talon Cyber Security surveyed 258 third-party providers to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.
Commenting on the study, Ohad Bobrov, co-founder and chief technology officer of Talon, said:
“Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so we took a step back with this research to better understand the potential root causes. The findings paint a picture of a third-party work landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.”
Visibility Lacking
Here’s what Talon discovered:
- Most third parties (89%) work from personal, unmanaged devices, where organizations lack visibility and cannot enforce the enterprise’s security posture on. Talon pointed to a Microsoft data point that estimated users are 71% more likely to be infected on an unmanaged device.
- With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used their devices to:
- Browse the internet for personal needs (76%)
- Indulge in online shopping (71%)
- Check personal email (75%)
- Save weak passwords in the web browser (61%)
- Play games (53%)
- Allow family members to browse (36%)
- Share passwords with co-workers (24%)
- Legacy apps such as Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) solutions are prominent, with 45% of respondents using such technologies while working for organizations.
Offering a final comment, Talon said:
“Despite widespread adoption, VDI and DaaS can create environments that are complex, expensive, and deliver poor user experiences. In fact, nearly half of respondents (48%) said IT and security tools impact their productivity in some way – a trend that industry leaders should monitor to ensure the technologies they deploy do not prevent workers from conducting their job responsibilities."