TechRadar
Sead Fadilpašić

Most enterprise data breaches attack the supply chain


The vast majority of enterprise data breaches occurred through the software and technology supply chain.

This is according to a new research paper published by SecurityScorecard, which claims 75% of all third-party breaches targeted the software and technology supply chains, mostly because threat actors can scale their operations “with minimal effort” that way. 

What’s more, 75% of organizations are at the “highest levels of maturity”, as their third-party risk programs have been manual as of 2021. “Companies must work toward automating vendor identification and cyber risk management across their entire digital ecosystem,” the researchers concluded.

The States in focus

It’s worth noting that the majority of all these breaches analyzed for the report were related to the MOVEit managed file transfer software. This product was found vulnerable in a way that allowed threat actors to exfiltrate sensitive data from its users.

Almost two-thirds (61%) of all third-party breaches were attributed to MOVEit. To make things worse, 64% of all third-party breaches were linked to Cl0p, the ransomware operators who were said to be the first to exploit the MOVEit flaw. LockBit, another infamous ransomware operator, accounted for just 7%.

Of all the different industries, the healthcare vertical was most affected by third-party breaches, making up 35% of all attacks. Healthcare-related data is highly prized by hackers.

Leaking it can cause all kinds of problems for the organization it was stolen from, which makes that organization more inclined to pay a potential ransom demand. Alternatively, threat actors can sell it well on the dark web.

Finally, two-thirds (64%) of all third-party breaches happened in North America, of which 63% in the United States. SecurityScorecard does stress that this data may be somewhat skewed, as both the media and the security industry are “overwhelmingly” focused on English-speaking countries, and the US specifically.
