What You Should Know:
– Imprivata, a digital identity company, today released a new global research report conducted in collaboration with the Ponemon Institute. The report, titled “The State of Third-Party Access in Cybersecurity,” reveals that third-party data breaches continue to pose a significant threat to organizations worldwide.
– The study, which surveyed nearly 2,000 IT security practitioners across various industries, found that 47% of organizations experienced a data breach or cyberattack involving a third party accessing their network in the past 12 months. This figure is consistent with findings from a similar study conducted two years ago, indicating that the problem is persistent and pervasive.
Key findings of the report include:
Ongoing Threat: 64% of respondents believe that third-party data breaches will either increase or remain at current levels over the next 12-24 months.
Expanding Attack Surface: Nearly half (48%) of organizations agree that third-party remote access is becoming the most common attack surface for cyberattacks.
Significant Consequences: Data breaches caused by third-party access have led to the loss of sensitive information, regulatory fines, and damaged relationships with vendors.
Visibility Challenges: 35% of respondents are unsure how cyberattacks perpetrated through third-party access occurred, highlighting a lack of visibility into vendor activity.
Resource Constraints: 41% of respondents cite insufficient resources or budget as a major barrier to mitigating third-party risk.
The Need for Improved Third-Party Risk Management
The report underscores the urgent need for organizations to strengthen their third-party risk management strategies. While awareness of the risks associated with third-party access has increased, many organizations struggle with inconsistent and immature security practices.
The report outlines the following key recommendations:
Enhanced Visibility: Implement solutions to gain greater visibility into third-party access and activity on the network.
Access Control: Enforce strict access controls and least privilege principles for third-party vendors.
Continuous Monitoring: Continuously monitor third-party activity for suspicious behavior.
Regular Security Assessments: Conduct regular security assessments of third-party vendors to ensure they meet security standards.
Incident Response Planning: Develop and test incident response plans to address potential breaches caused by third-party access.
“Third-party access is necessary to conduct global business, but it is also one of the biggest security threats and organizations can no longer remain complacent,” said Joel Burleson-Davis, Senior Vice President of Worldwide Engineering, Cyber, at Imprivata. “While some progress has been made, organizations are still struggling to effectively implement the proper tools, resources, and elements of a strong third-party risk management strategy. Cybercriminals continue capitalizing on this weakness, using the lack of visibility and uncertainty across the third-party vendor ecosystem to their advantage.”