If you’re involved in cybersecurity today, you know the threat landscape never sits still. It is a constantly moving target, always evolving, always finding new ways to challenge our defenses. We recently dug into the Verizon Data Breach Investigations Report (DBIR) 2025, and one number jumped out at us like a loud alarm: third-party involvement in data breaches doubled this past year.
Yes, you read that right – from about 15% to a significant 30%. This isn’t just an abstract statistic. It is a clear, urgent signal that our interconnected world has created new highways for attackers, and our supply chains are now firmly in their sights. This critical finding from the DBIR is strongly echoed by the ENISA Threat Landscape (ETL) report for 2024, which independently identifies supply chain attacks as a pervasive threat across various sectors in Europe and beyond. The **supply chain security** challenge is no longer just a technical issue; it’s a fundamental business risk we must address head-on.
The Alarming Rise: What the Data Reveals
Seeing third-party involvement climb to 30% of the breaches the DBIR analyzed is a wake-up call for every organization, regardless of size or industry. It shows that attackers have recognized the value in compromising one entity that serves or connects to many others. Think of a sprawling town: instead of breaking into house after house, the smart burglar steals the key to the main gate or compromises the central delivery hub. That is what is happening in cybersecurity. Our reliance on external partners for software, services, data hosting and more creates a web of dependencies, and when one strand of that web is compromised the effects ripple outward to everyone connected. This sharp increase underscores how crucial it is to extend security thinking beyond our own four walls.
Common Paths of Exploitation Through the Supply Chain
Attackers are strategic, always looking for the easiest route to achieve their goals. The DBIR 2025 report details how they exploit trusted relationships and technical weaknesses within the supply chain.
Exploiting Technical Vulnerabilities and Misconfigurations
One of the main highways attackers use is vulnerabilities in software or devices supplied by third parties. The DBIR 2025 reports that exploitation of vulnerabilities as an initial access vector climbed to 20% of breaches this year, including zero-day exploits against VPN gateways and other edge devices. These appliances are attractive targets: they face the internet by design, they usually cannot run an endpoint detection agent, they may be patched less diligently than core systems, and they are sometimes managed by third parties whose security practices are not fully transparent.
The ETL report confirms this trend, naming edge products from Ivanti, NetScaler and Fortinet as common targets. It is like a weak lock on a frequently used back door: attackers find it, use it and get in.
Both reports also list misconfigured services, such as databases left reachable from the internet without authentication, as persistent risks. Simple configuration errors create critical entry points, proving that sometimes it is the basics we miss.
Exploiting Compromised Credentials and Human Trust
Another highly effective tactic relies on compromised credentials and leaked secrets. The DBIR’s analysis of infostealer data (malware built to harvest saved logins, cookies and session tokens from infected machines) shows that corporate logins are readily available for sale. They come from employees using personal, non-managed devices (the BYOD risk many organizations grapple with) and from secrets committed to public code repositories by mistake.
The 2024 Snowflake campaign, in which attackers used stolen credentials to reach customer data on a cloud data platform, is a stark real-world example; the accounts that were compromised had no MFA enforced. Attackers also use brute force in two forms that look different in logs: password spraying, where one common password is tried against many accounts so that per-account lockout never trips, and credential stuffing, where leaked username and password pairs are replayed against other services. Social engineering remains highly effective, especially when attackers impersonate trusted third parties: a phishing email or message that appears to come from a known vendor or partner is hard for employees to dismiss. Attackers craft believable scenarios, sometimes using job search platforms as lures, as noted in the ETL. The DBIR also highlights “prompt bombing” (MFA fatigue), where a user is flooded with MFA push notifications until they accept one just to make it stop. This only works against approve/deny push factors; number matching, or phishing-resistant factors such as FIDO2 security keys, remove the one-tap approval it depends on. Human trust, unfortunately, is still a powerful vulnerability.
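To make the two brute-force styles and prompt bombing concrete as detection logic, here is an added example (not code from the original post, the DBIR or the ETL) that runs two rules over a constructed authentication log: one keyed on source address, which is what separates spraying from ordinary brute force, and one keyed on user, which is what prompt bombing looks like from the identity provider’s side. The log format, field names, addresses and thresholds are assumptions chosen for illustration.

```python
"""Detect password spraying and MFA prompt bombing in authentication logs.

Added example, not code from the original post, the DBIR or the ETL. The log
format, field names, thresholds and addresses are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed format, one event per line:
#   <ISO-8601 UTC timestamp> <event> user=<name> src=<ip> result=<ok|fail|deny|timeout>
# Story: 203.0.113.7 sprays one password across six accounts, lands frank's,
# then floods frank with MFA pushes until he approves one.
SAMPLE_LOG = """\
2025-06-01T08:00:01Z login user=alice src=203.0.113.7 result=fail
2025-06-01T08:00:03Z login user=bob src=203.0.113.7 result=fail
2025-06-01T08:00:05Z login user=carol src=203.0.113.7 result=fail
2025-06-01T08:00:07Z login user=dave src=203.0.113.7 result=fail
2025-06-01T08:00:09Z login user=erin src=203.0.113.7 result=fail
2025-06-01T08:00:11Z login user=frank src=203.0.113.7 result=ok
2025-06-01T08:05:00Z login user=alice src=198.51.100.4 result=fail
2025-06-01T08:05:04Z login user=alice src=198.51.100.4 result=ok
2025-06-01T09:10:00Z mfa_push user=frank src=203.0.113.7 result=deny
2025-06-01T09:10:20Z mfa_push user=frank src=203.0.113.7 result=deny
2025-06-01T09:10:40Z mfa_push user=frank src=203.0.113.7 result=timeout
2025-06-01T09:11:00Z mfa_push user=frank src=203.0.113.7 result=deny
2025-06-01T09:11:20Z mfa_push user=frank src=203.0.113.7 result=deny
2025-06-01T09:11:40Z mfa_push user=frank src=203.0.113.7 result=ok
2025-06-01T10:00:00Z mfa_push user=grace src=192.0.2.9 result=ok
"""

UNANSWERED = {"deny", "timeout"}  # push results that mean "the user did not approve"


def parse_line(line):
    """Parse one log line into a dict; the timestamp becomes a datetime under 'ts'."""
    ts, event, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    rec["event"] = event
    return rec


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def _windows(events, window):
    """Yield every sliding window (sorted by time) no wider than `window`."""
    events = sorted(events, key=lambda e: e["ts"])
    start = 0
    for end in range(len(events)):
        while events[end]["ts"] - events[start]["ts"] > window:
            start += 1
        yield events[start:end + 1]


def detect_spraying(events, window=timedelta(minutes=10), min_users=5):
    """Flag a source that fails logins against many distinct accounts in one window.

    Brute force is many passwords against one account; spraying is one or two
    passwords against many accounts, so per-account lockout never trips. The rule
    is keyed on the source and records any success from that source in the same
    window, because that is the account to reset first.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["event"] == "login":
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        best, best_key = None, None
        for win in _windows(evs, window):
            failed = {e["user"] for e in win if e["result"] == "fail"}
            if len(failed) < min_users:
                continue
            succeeded = {e["user"] for e in win if e["result"] == "ok"}
            key = (len(succeeded), len(failed))  # prefer the window that shows a success
            if best_key is None or key > best_key:
                best_key = key
                best = {"src": src, "failed_users": sorted(failed),
                        "succeeded_users": sorted(succeeded)}
        if best:
            alerts.append(best)
    return alerts


def detect_prompt_bombing(events, window=timedelta(minutes=5), min_unanswered=3):
    """Flag a user who receives a burst of denied or expired MFA pushes.

    `approved_after` is True when an approval follows the burst inside the window:
    a user who denies four pushes and accepts the fifth has very likely been worn
    down, and that session should be revoked before anything else.
    """
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push":
            by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        best, best_key = None, None
        for win in _windows(evs, window):
            unanswered = [i for i, e in enumerate(win) if e["result"] in UNANSWERED]
            if len(unanswered) < min_unanswered:
                continue
            approved_after = any(e["result"] == "ok" for e in win[unanswered[-1] + 1:])
            key = (approved_after, len(unanswered))
            if best_key is None or key > best_key:
                best_key = key
                best = {"user": user, "unanswered": len(unanswered),
                        "approved_after": approved_after}
        if best:
            alerts.append(best)
    return alerts


def analyze(text=SAMPLE_LOG):
    events = parse_log(text)
    return {"spraying": detect_spraying(events),
            "prompt_bombing": detect_prompt_bombing(events)}
```

Keying on the source address is the simplest form of the rule; real sprayers rotate through proxy pools, so production rules also key on user agent, ASN or tenant. The `approved_after` flag is the one worth paging on: it marks the session to revoke first.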
The Far-Reaching Outcomes: Beyond Data Exposure
When a third party is breached, the impact goes far beyond the data that might be stolen. Both reports, including the DBIR 2025, emphasize the cost of business interruption. Consider the recent high-profile cases of Change Healthcare, CDK Global and Blue Yonder. These were not just data leaks; they were operational shutdowns that halted critical processes for countless downstream businesses across healthcare, retail and food services. The financial cost and disruption can be immense: like a vital utility being shut off, the whole town suffers. These incidents show the overlap between cybersecurity risk and operational risk. The data compromised is often highly sensitive: personal data, internal documents, credentials, medical records (ETL). This fuels further malicious activity, from identity theft (DBIR Section 3) to fraud and espionage.
The Strategic Appeal: Why Attackers Target Third Parties
Why are third parties such juicy targets? Attackers are pragmatic. The DBIR 2025 notes that external actors, driven by financial gain and espionage, see third parties as efficient pathways. Compromising one vendor can potentially unlock access to data or systems belonging to many clients. It’s a matter of scale and finding the path of least resistance. Some third parties might have less mature security controls or fewer resources than the large enterprises they serve, making them a relatively softer target. Gaining a foothold through a vendor’s less secure system or using credentials exposed elsewhere can be a lower-effort way to reach higher-value targets.
Building Resilience: Strengthening Your Supply Chain Security
Simply protecting your own network isn’t enough in today’s landscape. A proactive, layered strategy that explicitly includes your vendors and partners is essential. Here are key actionable steps:
- Robust Vendor Risk Management: Make supply chain security a non-negotiable part of vendor selection and of your risk management strategy. Demand evidence of a vendor’s security posture, write security requirements and responsibilities into contracts, and agree in advance how vendor-related incidents will be reported and handled.
- Aggressive Vulnerability Management: Patching is essential, especially for internet-facing devices and third-party software, because attackers exploit known vulnerabilities at scale. Automate where possible and prioritize by exposure and exploitability rather than by raw severity score alone.
- Comprehensive Network Security: Segment your network rigorously. Terminate third-party connections in a dedicated zone (such as a DMZ) with explicitly allowed flows into internal systems, and micro-segment critical environments (such as OT automation cells). This contains a breach to the zone where it starts.
- Enhanced Identity and Access Control: Require multi-factor authentication for external, remote and privileged access, preferring phishing-resistant factors where you can. Review BYOD policies, inventory privileged accounts, secrets and API keys, and enforce least privilege so that a stolen credential buys an attacker as little as possible.
- Continuous Monitoring and Threat Detection: Centralize logging and use a SIEM to monitor activity, including third-party connections and vendor accounts. Focus detection rules on anomalies, such as one source failing logins across many accounts or a vendor account active outside its agreed maintenance window. Train employees to report anything suspicious.
- Tailored Security Awareness Training: Recognize that people are often the target. Tailor training (e.g., phishing, pretexting) to different roles, and encourage a culture where reporting is rewarded rather than punished.
- Proactive Collaboration and Information Sharing: Engage with industry groups (ISACs and CERTs) and with law enforcement. Share threat intelligence, and build relationships with law enforcement before a crisis so that response is faster when one comes.
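The identity item above asks you to scrutinize secrets and API keys, and the credentials section earlier notes that secrets leak through public code repositories. The following is an added example, not code from the original post or from either report, of a pre-push check that scans a unified diff for a few well-known token formats plus a generic, entropy-backed rule. The sample diff, the choice of token patterns and the entropy threshold are assumptions; the AWS values are the example credentials from AWS’s own documentation and the other values are dummies.

```python
"""Scan a unified diff for secrets before it is pushed to a shared repository.

Added example, not code from the original post. The token patterns follow the
public formats of AWS access key IDs, GitHub personal access tokens and PEM
private keys; the sample diff and every value in it are constructed and invalid.
"""
import math
import re
from collections import Counter

# Rules in priority order: specific token formats first, a generic
# `password = "..."` rule last, backed by an entropy check so that
# placeholders such as "changeme" do not fire.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_secret": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}
MIN_ENTROPY = 3.5  # bits per character; an assumed threshold for the generic rule
HUNK_RE = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)")

# Constructed diff: a developer replaces environment lookups with literals and
# adds a deploy key. The AWS values are AWS's documented example credentials.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,6 @@
 import os
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+DB_PASSWORD = "changeme"
+GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
 DEBUG = False
diff --git a/deploy/id_rsa b/deploy/id_rsa
new file mode 100644
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ
+-----END OPENSSH PRIVATE KEY-----
"""


def shannon_entropy(s):
    """Bits per character: about 2.7 for 'changeme', above 4 for real random keys."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value):
    """Keep enough of the match to recognise it, never enough to reuse it."""
    return value[:4] + "*" * (len(value) - 6) + value[-2:] if len(value) > 8 else "***"


def scan_diff(diff_text):
    """Return findings for secrets on lines the diff ADDS.

    Removed lines are skipped (a deletion is the fix, not the leak), and the
    line number is tracked from each @@ header so a finding points into the
    new version of the file.
    """
    findings, path, new_line = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        hunk = HUNK_RE.match(raw)
        if hunk:
            new_line = int(hunk.group(1))
            continue
        if raw.startswith("---") or raw[:1] not in ("+", "-", " "):
            continue  # 'diff --git', mode lines, '\\ No newline at end of file'
        if raw.startswith("-"):
            continue  # removed line: consumes no new-file line number
        if raw.startswith("+"):
            line_hits = []
            for name, pat in PATTERNS.items():
                for hit in pat.finditer(raw[1:]):
                    value = hit.group(1) if hit.groups() else hit.group(0)
                    # generic rule: skip low-entropy placeholders, and skip
                    # lines a specific rule has already explained
                    if name == "generic_secret" and (
                            line_hits or shannon_entropy(value) < MIN_ENTROPY):
                        continue
                    line_hits.append({"file": path, "line": new_line,
                                      "rule": name, "match": redact(value)})
            findings.extend(line_hits)
        new_line += 1
    return findings
```

Feed it the output of `git diff --cached` from a pre-commit hook and block the commit when it returns anything. Scanning only added lines keeps the check from flagging the commit that removes a secret, but a key that has already reached a shared or public repository is compromised the moment it was pushed, so the remedy is rotation, not deletion from history.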
Looking Ahead: The Evolving Landscape
The threat landscape, including the role of third parties, will continue to evolve. Generative AI, while a tool for defenders, is also being used by attackers to produce more convincing phishing lures and deepfakes, as the ETL highlights. Attackers refine their techniques constantly, so staying ahead requires continuous adaptation and a forward-looking perspective.
Conclusion: Securing the Interconnected Future
The doubling of third-party involvement in breaches revealed in the DBIR 2025 is a stark reminder of how interconnected risk has become. The supply chain security threat is real, present and growing, and it demands a proactive, integrated approach that treats vendors and partners as extensions of your own security perimeter. That means robust vendor risk management, rigorous technical controls, continuous monitoring, effective security awareness and active collaboration. The goal is not only to prevent breaches but to make your organization resilient enough to withstand and quickly recover from attacks, keeping business operations secure and available. The journey towards stronger supply chain security is continuous, requiring vigilance, collaboration and a commitment to the basics, applied across your entire ecosystem.