Small Businesses May Not Be Security's Weak Link
Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.
Small businesses often have a bad reputation for being the gateway to supply-chain attacks on larger enterprises. But this may not be the case, as seen in a new report on small-business security.
As part of (ISC)²'s "Securing the Partner Ecosystem" study, researchers surveyed 700-plus people from small and large organizations to learn views on data-sharing risk. Half of large businesses view third-party partners of all sizes as a security risk, but only 14% have suffered a breach from working with a small partner. Meanwhile, 17% were breached as the result of working with a larger partner.
In fact, 94% of large enterprises are "confident" or "very confident" in small-business partners' security practices, with 95% having a process for vetting security capabilities. Nearly two-thirds of large firms outsource 26% of their daily business tasks to third parties, which requires data sharing. Here, researchers found access management and vulnerability mitigation are often overlooked.
How so? For starters, 34% of large enterprises say they have been surprised by the broad level of access a third-party partner had been given to their networks and data. Nearly 40% of small businesses had been surprised by the access granted when providing services to large partners.
More than half (54%) of small businesses expressed surprise at some large clients' insufficient security practices; 53% have notified clients of vulnerabilities found in larger networks. Fifty-five percent of small businesses said they continued to have access to a client's network or data after a project was completed. What's more concerning, 35% of large organizations admitted when a third party alerted them to insecure data access policies, their practices didn't change.
Read the release here and full report here.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024