The vast majority of data breaches in the enterprise occurred through the software and technology supply chain.
This is according to a new research paper published by SecurityScorecard, which claims 75% of all third-party breaches targeted the software and technology supply chains, mostly because threat actors can scale their operations “with minimal effort” that way.
What’s more, 75% of organizations are at the “highest levels of maturity”, as their third-party risk programs have been manual as of 2021. “Companies must work toward automating vendor identification and cyber risk management across their entire digital ecosystem,” the researchers concluded.
The States in focus
It’s worth noting that the majority of the breaches analyzed for the report were related to the MOVEit managed file transfer software. This product was found vulnerable in a way that allowed threat actors to exfiltrate sensitive data from its users.
Almost two-thirds (61%) of all third-party breaches were attributed to MOVEit. To make things worse, 64% of all third-party breaches were linked to Cl0p, the ransomware operators who were said to be the first ones to exploit the MOVEit flaw. LockBit, another infamous ransomware operator, took up just 7%.
Of all the different industries, the healthcare vertical was most affected by third-party breaches, making up 35% of all attacks. Healthcare-related data is highly prized by hackers.
Leaking it can cause all kinds of problems for the organization it was stolen from, which makes that organization more inclined to pay a potential ransom demand. Alternatively, threat actors can sell it well on the dark web.