The report highlights the risks of securing unmanaged, remote contractors in an enterprise environment. Many organizations depend on contractors and freelance workers to provide important services, but don’t have enough visibility into the technologies they are using or the potential security risks they take when conducting business.
“Typically an organization will grant contractors or freelancers access to the corporate applications and data needed to carry out their job responsibilities on behalf of the organization,” Ohad Bobrov, co-founder and CTO at Talon, said via email. “This could be anything from financial data and applications to marketing platforms and sensitive materials, depending on the nature of work being done.”
An increasing number of organizations are relying on contractors and freelancers for critical business functions amid a shift toward the gig economy, according to research from Forrester.
“You may think of them as an employee, they may have a corporate email address, they may even sit next to you at the office, but they are not employees,” said Alla Valente, senior analyst at Forrester. “These are third-party entities that can become the conduit for cyberattack and expose your organization to undue risk.”
Threat actors have targeted third-party contractors in some high-profile incidents over the past year. In one of the most high-profile attacks, Okta was the victim of a ransomware attack by Lapsus$ after attackers launched a ransomware attack against Okta in January by targeting the laptop of a third-party customer support engineer.
After initially denying the attack, Okta later confirmed 2.5% of its customers were impacted by the data breach. Okta admitted embarrassment after the threat actor posted screen shots two months after the initial attack.
Get the free daily newsletter read by industry experts
A PwC study shows cyber risk is a top concern among entire C-suite and corporate boards as companies are spending additional funds to boost resilience.
Text message and email-based authentication aren’t just the weakest variants of MFA. Cybersecurity professionals say they are broken.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Get started ➔
A PwC study shows cyber risk is a top concern among entire C-suite and corporate boards as companies are spending additional funds to boost resilience.
Text message and email-based authentication aren’t just the weakest variants of MFA. Cybersecurity professionals say they are broken.
The free newsletter covering the top industry headlines
