SecZetta Shares New Research: Lack of Diligence in Managing Third-Party Identity Risk Increases Vulnerability to Cyberattacks

FALL RIVER, Mass.–(BUSINESS WIRE)–SecZetta, the leading provider of third-party identity risk management solutions, in partnership with ESG, an IT analyst, research, validation and strategy division of TechTarget, today shared new research that demonstrates a clear mismatch between the strategies organizations currently use and what is actually needed to protect them from cyberattacks due to third-party vulnerabilities.

At a time when cyberattacks are increasing in size, frequency and impact, this research found that most organizations are not taking the necessary steps to manage and monitor the lifecycle of their third-party identities, making them more vulnerable to cyber incidents. To strengthen cybersecurity programs and better manage identity lifecycles, including third-party and non-human workers, organizations need stronger third-party identity management strategies and solutions.

Main results of the survey:

  • The research found that 78% of organizations report that it is likely or extremely likely that they have multiple identity records for a single person or third-party organization. As a result, organizations may find themselves relying on inaccurate, outdated, or conflicting data, with third-party workers associated with projects they no longer work on and no longer legitimately need access to. Having multiple active identities compromises an organization’s compliance posture and increases vulnerability to security breaches.

  • A majority of organizations are concerned about over-authorized and under-used identities, with 73% being very or moderately concerned about third parties, service accounts, or administrators that have unnecessarily high, static, or permanent permissions and permission levels. This concern is justified given that these permission and rights threats are known to be exploited in actual attacks and breaches. Access reassessment is typically triggered by a role change, by project, or on a time cadence.

  • With respect to processes that mitigate the risks of individual third parties and vendors, just over half (53%) of organizations monitor and verify the identity of third-party individuals and organizations before granting them access to corporate assets, which reinforces the need for organizations to invest in third-party identity risk management solutions that provide a single identity authority before granting access.

  • But once you’re there, you’re in… an alarming situation. 55% of respondents fail to disable third-party workers who are no longer qualified to perform their duties. Access to data and systems for this high-risk population often extends beyond project assignments or contract employment with an organization. The implications of this finding are enormous, as most breaches result from compromised credentials. In many ways, this is equivalent to “leaving the doors and windows unlocked”.

  • Over 92% of organizations believe it is essential or very important to assess third-party risk and 89% think the same for third-party organizations, relying on traditional HR processes such as background checks designed to onboard new employees. These tools are ineffective in managing their growing number of third-party non-employees, which includes non-human worker identities such as bots, RPAs, and IoT devices, which can often exceed the number of full-time employees of an organization.

  • Surprisingly, only 20% of organizations plan to increase their third-party spending, reinforcing the disconnect between the recognized need to improve their third-party identity management programs and actions to mitigate risk and reduce exposure to cyberattacks and breaches.

“The biggest security blind spot for the majority of organizations is the network of agencies, partners, vendors, contractors, and companies with whom they not only do business, but who have access to data and systems,” said David Pignolet, Founder and CEO of SecZetta. “It is essential security best practice to apply the same level of care to the third-party worker population that organizations apply to their full-time employees. Organizations should execute risk-based third-party identity management strategies at every stage of the worker lifecycle, from proper onboarding, to routine verification and auditing, to potential offshoring and relocation and deprovisioning of third-party access.

The complexity of identity management requires increased investment in the right tools and services, such as third-party identity lifecycle management, to improve operational efficiency and reduce the costs and risks associated with identity management and with managing dynamic and high-risk relationships with third-party individuals and organizations.

SecZetta will host a webinar with ESG Principal Analyst Jack Poller on April 27, 2022 at 11:00 a.m. ET to discuss the results in more detail. Registered attendees will receive a free copy of the e-book, “Securing the identity perimeter with Defense”, further detailing the research results. To register, visit

This online quantitative survey of 488 North American IT and cybersecurity professionals was conducted between December 14 and December 28, 2021. Respondents were all employed in organizations of 500 or more employees, spanning multiple verticals, including manufacturing, financial services and retail, and primarily focus on identity and access management programs, projects, processes, solutions/platforms and services.

Source: ESG research survey, Securing the identity perimeter with defense, December 2021

About SecZetta

SecZetta is the leading provider of third-party identity management solutions. Our solutions enable organizations to execute risk-based identity access and lifecycle strategies for diverse non-employee populations. Because the solution suite is purpose-built, it is able to manage the complex relationships organizations have with non-employees in a single, easy-to-use application that simultaneously helps facilitate business initiatives, support regulatory compliance and reduce third-party risks. For more information about SecZetta, visit
