Data Breach Access Points Hide in the Digital Supply Chain
Written by: Black Kite
Third-party cyber attacks within the digital supply chain remain a top access route for cybercriminals to gain entry into a company or its data. We’ve seen this occur time and time again; take the recent example of the Red Cross data breach.
Over 500,000 people connected to the International Committee of the Red Cross had their sensitive data compromised. The threat actor gained access to the data by targeting an external third party in Switzerland that stored the ICRC data.
Current risk management programs are not up to code
According to a new report by SecureLink and the Ponemon Institute, 61% of their respondents claimed that their current third-party risk management program does not define or rank levels of risk associated with companies in their digital supply chain.
These companies are, more often than not, handling sensitive data on a daily basis. Without continuous awareness and monitoring of their risk level, situations like the ICRC crisis become much easier for threat actors to bring about.
Of course, the best course of action is to begin monitoring each party you share data with. While some vendors are targeted more often than others, no vendor is too insignificant to ignore.
Software publishers are targeted most
In the latest Black Kite report on third-party breaches, we found that of the vendor types, software publishers were the most frequently targeted for the third year in a row. (A software publisher is a company that develops and markets software, including market research, software production and software distribution.)
Attackers find vulnerabilities in software, or tamper with its code, in order to exploit it. Yet, more often than not, companies trust that the software and services they use are secure, and do not check for vulnerabilities along the digital supply chain. In fact, according to the Ponemon Institute report mentioned above, 54% of organizations do not monitor the security or privacy practices of the third parties they share sensitive or confidential information with.
Compromised personal data affected one fifth of the world’s population last year
In 2021, the PII of a record-breaking 1.5 billion people was leaked due to third-party breaches. PII is any information that can be used to identify a specific individual. Exposure on this scale is catastrophic to the security of individuals and companies worldwide.
One significant example occurred in April 2021, when over 533 million Facebook users had personal information leaked online. In this situation, cybercriminals posted the stolen data in a hacker forum, free for the taking.
Did you know?