Most enterprise data breaches attack the supply chain
It helps hackers scale the attacks quickly
The vast majority of enterprise data breaches occurred through the software and technology supply chain.
This is according to a new research paper published by SecurityScorecard, which claims 75% of all third-party breaches targeted the software and technology supply chains, mostly because threat actors can scale their operations “with minimal effort” that way.
What’s more, 75% of organizations are at the “highest levels of maturity”, as their third-party risk programs have been manual as of 2021. “Companies must work toward automating vendor identification and cyber risk management across their entire digital ecosystem,” the researchers concluded.
The States in focus
It’s worth noting that the majority of all these breaches analyzed for the report were related to the MOVEit managed file transfer software. This product was found vulnerable in a way that allowed threat actors to exfiltrate sensitive data from its users.
Almost two-thirds (61%) of all third-party breaches were attributed to MOVEit. To make things worse, 64% of all third-party breaches were linked to Cl0p, the ransomware operators who were said to be the first ones to exploit the MOVEit flaw. LockBit, another infamous ransomware operator, took up just 7%.
Of all the different industries, the healthcare vertical was most affected by third-party breaches, making up 35% of all attacks. Healthcare-related data is highly prized by hackers.
Leaking it can cause all kinds of problems for the organization it was stolen from, which makes that organization more inclined to pay a potential ransom demand. Alternatively, threat actors can sell it for a good price on the dark web.
Finally, two-thirds (64%) of all third-party breaches happened in North America, of which 63% were in the United States. SecurityScorecard does stress that this data may be somewhat skewed, as both the media and the security industry are “overwhelmingly” focused on English-speaking countries, and the US specifically.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.