Over half of organizations have experienced a third-party data breach


More than half of businesses (51%) have suffered a data breach that was caused by a third party, a new report has claimed.

New research from the Ponemon Institute and SecureLink claims it’s mostly the victims’ fault, as these organizations fail to take appropriate measures to protect themselves, and often take the “fingers crossed” approach to third-party risk management.

As a result, they’re exposing their networks to both security and non-compliance risks, and it shows: almost half (44%) suffered a breach within the last 12 months. Of that number, three-quarters (74%) said it came after giving too much privileged access to third parties.

Going deeper on what businesses are doing wrong, the report says many are outsourcing critical business processes to third parties without properly assessing their security and privacy practices. Even though many businesses see third-party remote access as a security threat, they’re not prioritizing it. 

Third-party attacks

Third-party data breaches can be devastating for the victim, and everyone else involved. Last year, for example, a malicious actor accessed an email account of Canon Business Process Services, General Electric’s (GE) vendor. Through the account, the attackers were able to obtain valuable and sensitive data on GE employees, such as bank account numbers and passport numbers. 

SolarWinds was another third party whose software was used to get to dozens of large corporations and US government organizations. In what’s known as one of the most devastating supply-chain attacks in recent history, malicious actors (allegedly Russian and state-sponsored) used stolen Microsoft 365 accounts to compromise SolarWinds’ network and slip malicious code into an upcoming patch for its Orion system.

The patch was later downloaded by more than 33,000 organizations and corporations around the world. The Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, the Treasury, as well as Microsoft, Cisco, Intel, and Deloitte, are just some of the organizations that fell victim to the attack.

Via: VentureBeat

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
