Global volatility has created new opportunities for cybercriminals to exploit, infiltrate and attack. Recent crises such as the war in Ukraine, Europe’s energy crisis and China-Taiwan tension expose a country or business’s weak spots and paint them ripe for disruption. According to the 2022 Verizon Data Breach Investigations Report, ransomware has continued its upward trend in 2022 with a nearly 13% increase in ransomware breaches — a rise as big as the last five years combined (for a total of 25% this year).
Unfortunately, hackers thrive on chaos and uncertainty — and economic turmoil isn’t going away any time soon. To guard against cybercrime, it’s critical to monitor and assess every secret window into your organization’s operations. For most, these gateways are in the supply chain among third parties — and it’s how criminals are breaking in and wreaking havoc, particularly with ransomware.
The Crippling Effects of Ransomware
In 2021, ransomware emerged as the most common method of third-party breaches accounting for 27% of attacks — a notable increase from only 15% in 2020. High-profile criminals continued to dominate headlines this year as well. Recently ransomware gang Conti infiltrated the Costa Rican government using compromised credentials from the Ministry of Finance. The gang then threatened to leak data unless they received a ransom of $20 million.
Also this year, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn U.S. healthcare and public organizations that North Korean state-sponsored hackers were targeting them with the Maui ransomware strain. CISA, the Federal Bureau of Investigation (FBI), and the Treasury cautioned victims that paying up could run afoul of U.S. sanctions rules. The issue with ransomware attacks is that criminals know businesses will pay to save face and protect continuity — especially during a time of volatility and disruption. However, the cost is growing to be astronomical — both from a financial and reputational standpoint.
IBM’s recent survey revealed that the average cost of a data breach in 2022 is $4.35 million. To make matters worse, Black Kite’s recent ransomware report found that the cost of a ransomware incident averaged $22.18 million between 2017 and 2021. The report also revealed that healthcare and government are the most impacted sectors. The finance and insurance sectors experienced the most incidents (445), with an average cost of $35.34 million per incident. However, the financial impact isn’t the only repercussion.
A company’s reputation can suffer long-lasting damage after a cyberattack occurs. In fact, experts predict that Australian communications company Optus, which recently suffered a breach where the personal information of 9.8 million customers was compromised, will lose customers to their main competitor Telstra as a direct result of the breach. U.S.-based banking giant Wells Fargo is still working on rebuilding its brand and regaining customer trust nearly two years after a data breach that exposed its sensitive data, including the Social Security numbers of thousands of customers.
Leaders must now act to protect their businesses and customers from threat actors. The first step toward better defense is to identify and monitor the business’s weakest link — often, it’s a third party located deep in the supply chain.
How Bad Actors are Taking Over: Weak Third Parties
It’s impossible to protect a business from cybercrime without understanding the cyberhealth of its entire network. Many organizations struggle to maintain continuous visibility into the cyber posture of hundreds of their third parties for proactive mitigation.
As a result, ransomware gangs target large global businesses through a smaller, weaker third party that holds the data they need. The most frequent incident cause is unsecured servers and databases, accounting for 19% of all incidents, with an average cost per incident of $112.93 million. Unsecured external-facing assets pose a significant risk — especially when a third party manages personally identifiable information (PII) on behalf of a company.
It’s alarming to note that ransomware is the most common method used in third-party attacks. In 2021, Forrester predicted that 60% of security incidents in 2022 would result from third-party incidents. Even more shocking is that the average time for companies to identify a third-party breach is 287 days — nearly 9.5 months. Given that the window to steal critical data and raise the stakes is so vast, companies shouldn’t rely solely on periodic security scores for vendor risk management.
Businesses don’t have to wait for something to go wrong, or rely on inherent risk alone to predict impact. The only way to be preventative is to maintain a continuous, comprehensive view of cyber risk across all third parties, which includes 24/7 access to information for real-time, actionable insight.
Protection Begins with Proactive Intelligence
To achieve the level of visibility needed in today’s dangerous cyber landscape, many businesses are outsourcing security and focusing on preventative measures.
Technology can help companies move beyond stale security ratings to actively vet new vendors, automate their compliance questionnaire process, and continuously monitor all their customers’ vendors in one place. This gives businesses a real-time view of third-party security controls in patch and credential management, SSL/TLS strength, and application and website security. It also ensures compliance across critical cybersecurity frameworks.
Without tech, it may be impossible — or at the least, extremely time-consuming — to gather the data needed on thousands of third parties to monitor the ever-evolving risk landscape. With Open-Source Intelligence (OSINT), companies can continuously pull publicly available data to gather real-time intel for a 360-degree view of their network’s cyber posture.
It’s also critical to go beyond classification-based models that identify which vendors are vulnerable based on inherent risk alone (that is, assuming no controls are in place). Risk should be determined using a real probabilistic study that predicts the complete financial impact of proactive measures. Tech can enable businesses to look at all the controls in place and determine the effectiveness (or weakness) of those controls — as well as the frequency of attack or compromise. With this information, you have a true, accurate picture of what that risk means for your company specifically.
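The contrast between an inherent-risk classification (controls assumed absent) and a probabilistic estimate that combines attack frequency, control effectiveness and impact can be made concrete with a small model. The following is an added illustration, not code from the article or from any vendor product it mentions. It assumes three per-vendor inputs (a Poisson rate of attack attempts per year, the probability a vendor's controls stop an attempt, and a lognormal loss when an attempt succeeds); the two vendors, their numbers and the names `Vendor`, `expected_annual_loss`, `rank_vendors` and `simulate_annual_loss` are all constructed for the example.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Vendor:
    """Hypothetical per-vendor inputs for a simple probabilistic risk model."""
    name: str
    attacks_per_year: float       # expected attack attempts per year (Poisson mean)
    control_effectiveness: float  # P(an attempt is stopped by the vendor's controls)
    impact_median_usd: float      # median loss to our company when an attempt succeeds
    impact_sigma: float           # log-scale spread of that loss (lognormal)


# Constructed vendors: the payroll SaaS looks worse on inherent risk (more attacks,
# bigger impact, handles PII) but has strong controls; the agency is the reverse.
VENDORS = [
    Vendor("payroll-saas", 4.0, 0.95, 2_000_000, 0.5),
    Vendor("marketing-agency", 1.0, 0.30, 1_000_000, 0.5),
]


def expected_annual_loss(v, assume_no_controls=False):
    """Closed form: attempts/yr * P(control fails) * mean loss per successful attempt.

    assume_no_controls=True reproduces the 'inherent risk' view the text describes.
    """
    fail = 1.0 if assume_no_controls else 1.0 - v.control_effectiveness
    mean_loss = v.impact_median_usd * math.exp(v.impact_sigma ** 2 / 2)  # lognormal mean
    return v.attacks_per_year * fail * mean_loss


def rank_vendors(vendors, assume_no_controls=False):
    """Vendor names ordered from highest to lowest expected annual loss."""
    return [v.name for v in sorted(
        vendors, key=lambda v: expected_annual_loss(v, assume_no_controls), reverse=True)]


def _poisson(rng, lam):
    # Knuth's multiplication method; adequate for the small rates used here.
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_loss(v, years=10_000, seed=7, assume_no_controls=False):
    """Monte Carlo over `years` simulated years: mean, median, P95 and P(any loss)."""
    rng = random.Random(seed)
    fail = 1.0 if assume_no_controls else 1.0 - v.control_effectiveness
    mu = math.log(v.impact_median_usd)
    losses = []
    for _ in range(years):
        total = 0.0
        for _ in range(_poisson(rng, v.attacks_per_year)):
            if rng.random() < fail:                 # the control did not stop this attempt
                total += rng.lognormvariate(mu, v.impact_sigma)
        losses.append(total)
    losses.sort()
    return {
        "mean": sum(losses) / years,
        "p50": losses[years // 2],
        "p95": losses[int(0.95 * years)],
        "p_any_loss": sum(1 for x in losses if x > 0) / years,
    }


if __name__ == "__main__":
    print("inherent ranking :", rank_vendors(VENDORS, assume_no_controls=True))
    print("residual ranking :", rank_vendors(VENDORS))
    for v in VENDORS:
        print(f"{v.name:17s} inherent EAL ${expected_annual_loss(v, True):,.0f}"
              f"  residual EAL ${expected_annual_loss(v):,.0f}"
              f"  simulated {simulate_annual_loss(v)}")
```

With these inputs the payroll SaaS tops the inherent-risk list, while the residual view, once control effectiveness is applied, puts the marketing agency first; the simulation also exposes the tail (P95) and the chance of any loss in a year, which a single score or checklist cannot convey.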
Moving Ahead with Cyber Resilience
Geopolitical challenges and global volatility may be on the rise — but businesses don’t have to let the bad guys win. Tech can enable businesses to move beyond meaningless cyber scores and checklists for vendors. While a bird’s-eye view may show a decent cyber rating, a look into the weeds can reveal a massive opportunity for bugs and CVEs, of every severity, to thrive. By efficiently assessing and continuously monitoring the cyber health of your supply chain, it’s possible to stay to the left of boom.