Small Businesses May Not Be Security's Weak Link
Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.
Small businesses often have a bad reputation for being the gateway to supply-chain attacks on larger enterprises. But this may not be the case, as seen in a new report on small-business security.
As part of (ISC)²'s "Securing the Partner Ecosystem" study, researchers surveyed 700-plus people from small and large organizations to learn views on data-sharing risk. Half of large businesses view third-party partners of all sizes as a security risk, but only 14% have suffered a breach from working with a small partner. Meanwhile, 17% were breached as the result of working with a larger partner.
In fact, 94% of large enterprises are "confident" or "very confident" in small-business partners' security practices, with 95% having a process for vetting security capabilities. Nearly two-thirds of large firms outsource 26% of their daily business tasks to third parties, which requires data sharing. Here, researchers found access management and vulnerability mitigation are often overlooked.
How so? For starters, 34% of large enterprises say they have been surprised by the broad level of access a third-party partner had been given to their networks and data. Nearly 40% of small businesses had been surprised by the access granted when providing services to large partners.
More than half (54%) of small businesses expressed surprise at some large clients' insufficient security practices; 53% have notified clients of vulnerabilities found in larger networks. Fifty-five percent of small businesses said they continued to have access to a client's network or data after a project was completed. What's more concerning, 35% of large organizations admitted when a third party alerted them to insecure data access policies, their practices didn't change.
Read the release here and full report here.
About the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024