Ethical Hacking News
Third-party breaches have doubled in the past year, with 30% attributed to exploited software vulnerabilities and supply chain compromises, according to a comprehensive report by Verizon. As global supply chains become increasingly complex, organizations must prioritize cybersecurity when engaging with third parties to mitigate risks.
The percentage of confirmed data breaches involving third-party relationships has doubled in the past year, with 30% attributed to exploited software vulnerabilities and supply chain compromises. Weak third-party practices continue to expose organizations to significant risks, as evidenced by a median time to remediate leaked secrets of 94 days. The human element plays a critical role in 60% of breaches, highlighting the importance of education and awareness in cybersecurity best practices. Major organizations have been targeted by threat actors using stolen credentials, with affected customer accounts often having previously exposed credentials. The absence of secure-by-default standards on infrastructure-as-a-service or cloud-based solutions can create significant hurdles in maintaining the security bottom line.
In an era where global supply chains are increasingly complex and interconnected, the threat landscape has evolved to exploit these very same vulnerabilities. According to a comprehensive report released by Verizon, the percentage of confirmed data breaches involving third-party relationships has doubled in the past year, with 30% of all breaches now attributed to exploited software vulnerabilities and supply chain compromises.
This alarming statistic highlights the growing reliance on third-party vendors and business partners for various critical functions, such as infrastructure provision, application development, and customer support. However, this increased reliance also amplifies the potential risks associated with these relationships, making it essential for organizations to prioritize cybersecurity when engaging with third parties.
The Verizon report underscores the importance of proper access controls, including preventing credential misuse, in mitigating the risk of downstream attacks. Weak third-party practices continue to expose organizations to significant risks, as evidenced by the median time to remediate leaked secrets, such as API keys or tokens discovered in public GitHub repositories, which was 94 days.
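The 94-day figure is measured from the moment a secret becomes visible in a public repository to the moment it is revoked, so shortening it means both finding the secret quickly and tracking how long it stayed live. The following added example (not from the article or the Verizon report) shows a minimal secret scanner of the kind a defender would run over commits or config files: it matches two publicly documented key formats (AWS access key IDs and GitHub personal access tokens), falls back to a generic "name = value" heuristic for anything else, redacts matches before reporting them, and computes the exposure window. The sample config file and the key values in it are constructed (the AWS key ID is the placeholder AWS uses in its own documentation); the patterns are illustrative assumptions, not a complete ruleset.

```python
import re
from dataclasses import dataclass
from datetime import date

# Illustrative detection rules (assumption: formats as publicly documented
# by AWS and GitHub). Dict order matters: specific rules run before the
# generic one so a token is attributed to its most precise rule.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # name = "value" where the name looks secret-ish and the value is long
    "generic_assignment": re.compile(
        r"(?i)(api[_-]?key|secret[_a-z]*|token)\s*[=:]\s*['\"]?([A-Za-z0-9_\-/+]{20,})"
    ),
}


@dataclass(frozen=True)
class Finding:
    kind: str       # which rule fired
    line_no: int    # 1-based line in the scanned text
    redacted: str   # first/last 4 characters only, never the full secret


def redact(value: str) -> str:
    """Keep just enough of the value to confirm it in a report."""
    return value[:4] + "..." + value[-4:] if len(value) > 12 else "***"


def scan(text: str) -> list[Finding]:
    """Run every rule over every line; report each secret once."""
    findings = []
    seen = set()
    for n, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                # rules with capture groups put the secret in the last group
                secret = m.group(m.lastindex or 0)
                if (n, secret) in seen:
                    continue  # already attributed to a more specific rule
                seen.add((n, secret))
                findings.append(Finding(kind, n, redact(secret)))
    return findings


def days_exposed(first_seen_iso: str, revoked_iso: str) -> int:
    """Exposure window in days, the metric the report summarises as a median."""
    return (date.fromisoformat(revoked_iso) - date.fromisoformat(first_seen_iso)).days


# Constructed sample: a config file committed by mistake. All values are fake.
SAMPLE = """\
# service settings
DB_HOST=db.internal.example
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJklmnop
LOG_LEVEL=info
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line_no}: {f.kind} -> {f.redacted}")
    # A secret pushed on 1 Jan and revoked on 5 Apr 2025 sat live for 94 days,
    # the report's median.
    print("days exposed:", days_exposed("2025-01-01", "2025-04-05"))
```

The dedupe step matters in practice: the GitHub token line also satisfies the generic rule, and without it the same secret would be counted twice and skew remediation metrics. Redacting in the finding itself means scan reports can be filed in tickets or logs without re-leaking the credential.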
Furthermore, the report highlights the critical role played by malicious emails featuring AI-generated content, with the percentage of such emails doubling over the past two years. This trend underscores the evolving nature of cyber threats and the need for organizations to remain vigilant in detecting and mitigating such risks.
Notably, the Verizon report also emphasizes the human element as a factor in 60% of breaches, underscoring the importance of education and awareness in cybersecurity best practices. The median ransom payment, however, has decreased to $115,000, with 64% of affected organizations refusing to pay ransom demands.
Major organizations such as Santander and Ticketmaster were recently targeted by threat actors from the ShinyHunters group, leveraging stolen credentials to access Snowflake customer accounts, affecting hundreds of millions of records. While Snowflake acknowledges its initial failure in addressing this issue, Verizon notes that it was not solely the platform's responsibility, with roughly 80% of affected customer accounts having previously exposed credentials.
The report also highlights the challenges faced by organizations when securing third-party vendors, particularly those providing infrastructure-as-a-service or cloud-based solutions. The absence of secure-by-default standards on these platforms can create significant hurdles in maintaining the security bottom line.
To mitigate such risks, Verizon recommends that organizations treat cybersecurity as a priority during the procurement process. This may involve removing deeply entrenched providers from an environment or implementing additional security measures to address vulnerabilities.
Ultimately, the study serves as a cautionary tale about the importance of prioritizing third-party cybersecurity and addressing vulnerabilities in the supply chain. By acknowledging these risks and taking proactive steps to mitigate them, organizations can reduce their exposure to cyber threats and maintain the trust and confidence of their customers.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Double-Edged-Sword-of-Third-Party-Cybersecurity-A-Study-in-Vulnerability-and-Accountability-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/04/24/security_snafus_third_parties/
Published: Thu Apr 24 05:09:03 2025 by llama3.2 3B Q4_K_M