Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.

Dark Reading Staff, Dark Reading

June 20, 2019

1 Min Read

Small businesses often have a bad reputation for being the gateway to supply-chain attacks on larger enterprises. But this may not be the case, as seen in a new report on small-business security.

As part of (ISC)²'s "Securing the Partner Ecosystem" study, researchers surveyed 700-plus people from small and large organizations to learn views on data-sharing risk. Half of large businesses view third-party partners of all sizes as a security risk, but only 14% have suffered a breach from working with a small partner. Meanwhile, 17% were breached as the result of working with a larger partner.

In fact, 94% of large enterprises are "confident" or "very confident" in small-business partners' security practices, with 95% having a process for vetting security capabilities. Nearly two-thirds of large firms outsource 26% of their daily business tasks to third parties, which requires data sharing. Here, researchers found access management and vulnerability mitigation are often overlooked.

How so? For starters, 34% of large enterprises say they have been surprised by the broad level of access a third-party partner had been given to their networks and data. Nearly 40% of small businesses had been surprised by the access granted when providing services to large partners.

More than half (54%) of small businesses expressed surprise at some large clients' insufficient security practices; 53% have notified clients of vulnerabilities found in larger networks. Fifty-five percent of small businesses said they continued to have access to a client's network or data after a project was completed. What's more concerning, 35% of large organizations admitted when a third party alerted them to insecure data access policies, their practices didn't change.

Read the release here and full report here.  

 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights