Attacks on contractors: exploitation of trust. Jet Infosystems research
Alexander Antipov
The company’s experts conducted a study analyzing the problems and risks associated with attacks through third-party organizations.
Jet Infosystems experts conducted a study dedicated to the analysis of the problems and risks associated with attacks through third-party organizations, in which attackers target a company not directly, but through its trusted partners, suppliers or contractors.
Although companies’ spending on information security has grown significantly in recent years, funds are mainly invested in perimeter protection and information security monitoring. The study shows that the risks associated with attacks on suppliers are largely overlooked, leading to numerous cases of hacks through contractors. Recently, dozens of major incidents have become public. Typically, companies try not to advertise such problems, so the real number of such cases is much higher.
Key figures from the study:
- 80% of companies use the same safeguards for contractors and service providers as they do for company remote workers.
- Only 20% of companies define a set of protective measures based on the specifics of the interaction and the risk profile of the supplier.
- Less than 10% of companies carry out activities to assess the level of information security of a service provider. The assessment is carried out mainly using questionnaires and is often a formality: it does not affect the further decision on choosing a supplier or the architecture for connecting to company resources.
- 38% of companies use external free services to exchange large files with third parties. At the same time, the employee who initiates the exchange, as a rule, independently determines the security requirements, guided by the principles of speed and convenience.
Source: www.securitylab.ru