Enterprises poorly protected against third-party risks
A new report from compliance and risk management firm Kiteworks shows 51 percent of organizations are inadequately protected against third-party security and compliance risks related to sensitive content communications.
It also reveals that most organizations share sensitive content with a long list of third-party entities. Two-thirds do so with more than 1,000 third parties, while one-third have over 2,500.
This clearly causes some issues as 67 percent say they use four or more different systems in order to track, control and secure content communications and 79 percent report that their compliance reports are not completely accurate. Not surprising then that 49 percent of respondents -- and of their executive leadership -- see unifying management, tracking, policies, and reporting for content communications as a top priority.
Businesses are running risks which include 53 percent not encrypting all sensitive communication with third parties, 54 percent not performing DLP (Data Loss Prevention) scans on outgoing email, and under 50 percent applying zero trust policies to file transfers, APIs and web forms.
Over half of the respondents say their organizations are not adequately protected against third-party risk when it comes to sensitive content communications. Many believe existing systems and processes require significant improvement or should be thrown out and rebuilt.
"Nation-states and cybercriminals know that confidential, private data holds great value, and studies show that it is increasingly the target of cyberattacks," says Tim Freestone, chief strategy officer at Kiteworks. "At the same time, regulatory bodies see these trends and have instituted, and continue to do so, standards that help protect sensitive content. This report reveals that many organizations are ill-equipped to deal with the sophistication and volume of today's cyberattacks as well as the breadth of compliance standards when it comes to sharing and storing sensitive content. This lack of maturity creates significant security and compliance risk exposures."
You can get the full 2022 Sensitive Content Communications Privacy and Compliance Report on the Kiteworks site and register for a webinar to discuss the findings to be held on April 27.