Dive Brief:
- A total of 98% of organizations worldwide have integrated at least one third-party vendor that has been compromised in the last two years, according to a report released on Wednesday from SecurityScorecard and the Cyentia Institute.
- The report found that third-party vendors were five times more likely to have inadequate security. Half of the organizations have indirect ties to at least 200 third-party vendors that have been previously compromised.
- The information services sector maintains an average of 25 vendor relationships, more than any other sector and more than double the overall third-party vendor average of 10. at 6.5.
Dive Insight:
This research comes amid an increasing frequency of organizations being indirectly hit by attacks on their software supply chains. Vulnerabilities that expose unsuspecting customers and disruptive ransomware attacks can pose problems not only for the targeted party, but also for downstream customers.
Mike Woodward, SecurityScorecard’s vice president of data quality and trust, said in an email.
SecurityScorecard’s research is based on analysis of over 235,000 leading organizations worldwide and approximately 73,000 vendors and products used directly by them or by their vendors.
Another report from Black Kite shows that in 2022, attacks against 63 vendor organizations affected about 300 companies. On average, 4.7 companies were affected per vendor in 2022, compared to 2.5 per vendor in 2021.
Unauthorized network access is the most common vector for these attacks, accounting for 40% of incidents, according to Black Kite.
According to Bob Maley, CSO of Black Kite, the exact method of access is usually hidden or not immediately known, but phishing, stolen credentials, or access control vulnerabilities are often the cause of unauthorized network access.
“The increase in remote work has created more opportunities for bad actors to go on strike,” Murray said in an email. “You are working on a public network.”