SiliconAngle reports that third-party compromise accounted for 36% of all data breaches last year, which may still be undervalued due to inadequate reporting and improper classification, highlighting the escalation in vendor-driven attacks.
Attack surfaces have become more varied as technology services and products were only involved in almost half of all third-party breaches, compared with 75% in 2023, a report from SecurityScorecard revealed. Most targeted by third-party attacks were organizations in the retail and hospitality sector, followed by those in the tech and healthcare industries, while Singapore, the Netherlands, and Japan were the most impacted countries. Third-party breach prevalence in the U.S. last year was also found to be below the global average. "Our research shows ransomware groups and state-sponsored attackers increasingly leveraging supply chains as entry points. To stay ahead of these threats, security leaders must move from periodic vendor reviews to real-time monitoring to contain these risks before they escalate throughout their supply chain," said SecurityScorecard STRIKE Threat Research and Intelligence Senior Vice President Ryan Sherstobitoff.
