Security Magazine logo
The state of third-party cyber risk amid global chaos

By Bob Maley
November 28, 2022

Global volatility has created new opportunities for cybercriminals to exploit, infiltrate and attack. Recent crises such as the war in Ukraine, Europe’s energy crisis and China-Taiwan tension expose the weak spots of countries and businesses and leave them ripe for disruption. According to the 2022 Verizon Data Breach Investigations Report, ransomware has continued its upward trend in 2022 with a nearly 13% increase in ransomware breaches — a rise as big as the last five years combined (for a total of 25% this year).

Unfortunately, hackers thrive on chaos and uncertainty — and economic turmoil isn’t going away any time soon. To guard against cybercrime, it’s critical to monitor and assess every secret window into your organization’s operations. For most, these gateways are in the supply chain among third parties — and it’s how criminals are breaking in and wreaking havoc, particularly with ransomware.

 

The Crippling Effects of Ransomware

In 2021, ransomware emerged as the most common method of third-party breaches, accounting for 27% of attacks — a notable increase from only 15% in 2020. High-profile criminals continued to dominate headlines this year as well. Recently, the ransomware gang Conti infiltrated the Costa Rican government using compromised credentials from the Ministry of Finance. The gang then threatened to leak data unless it received a ransom of $20 million.

Also this year, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn U.S. healthcare and public organizations that North Korean state-sponsored hackers were targeting them with the Maui ransomware strain. CISA, the Federal Bureau of Investigation (FBI), and the Treasury cautioned victims that paying up could run afoul of U.S. sanctions rules. The issue with ransomware attacks is that criminals know businesses will pay to save face and protect continuity — especially during a time of volatility and disruption. However, the cost is growing to be astronomical — both from a financial and a reputational standpoint.

IBM’s recent survey revealed that the average cost of a data breach in 2022 is $4.35 million. To make matters worse, Black Kite’s recent ransomware report found that the cost of a ransomware incident averaged $22.18 million between 2017 and 2021. The report also revealed that healthcare and government are the most impacted. The finance and insurance sectors experienced the most incidents (445), with an average cost of $35.34 million per incident. However, the financial impact isn’t the only repercussion.

A company’s reputation can suffer long-lasting damage after a cyberattack occurs. In fact, experts predict that Australian communications company Optus, which recently suffered a breach in which the personal information of 9.8 million customers was compromised, will lose customers to its main competitor Telstra as a direct result of the breach. U.S.-based banking giant Wells Fargo is still working on rebuilding its brand and regaining customer trust nearly two years after a data breach that exposed its sensitive data, including the Social Security numbers of thousands of customers.

Leaders must now act to protect their businesses and customers from threat actors. The first step toward better defense is to identify and monitor the business’s weakest link — often, it’s a third party located deep in the supply chain.

 

How Bad Actors are Taking Over: Weak Third Parties

It’s impossible to protect a business from cybercrime without understanding the cyberhealth of its entire network. Many organizations struggle to maintain continuous visibility into the cyber posture of hundreds of their third parties for proactive mitigation.

 

As a result, ransomware gangs target large global businesses through a smaller, weaker third party with the data they need. The most frequent incident cause is unsecured servers and databases, accounting for 19% of all incidents, with an average cost per incident of $112.93 million. Unsecured external-facing assets pose a significant risk — especially when a third party manages personally identifiable information (PII) on behalf of a company.

It’s alarming to note that ransomware is the most common attack method of third-party attacks. In 2021, Forrester predicted 60% of security incidents in 2022 would result from third-party incidents. Even more shocking is that the average time for companies to identify a third-party breach is 287 days — nearly 9.5 months. Given that the time window to steal critical data and raise stakes is so vast, companies shouldn’t rely solely on periodic security scores for vendor risk management.

Businesses don’t have to wait for something to go wrong or use inherent risks to predict impact. The only way to be preventative is to maintain a continuous, comprehensive view of cyber risk across all third parties, which includes 24/7 access to information for real-time, actionable insight.

Protection Begins with Proactive Intelligence

To achieve the level of visibility needed in today’s dangerous cyber landscape, many businesses are outsourcing security and focusing on preventative measures.

 

Technology can help companies move beyond stale security ratings to actively vet new vendors, automate their compliance questionnaire process, and continuously monitor all their customers’ vendors in one place. This gives businesses a real-time view of third-party security controls in patch and credential management, SSL/TLS strength, and application and website security. It also ensures compliance across critical cybersecurity frameworks.

 

Without tech, it may be impossible — or at the least, extremely time-consuming — to gather the data needed on thousands of third parties to monitor the ever-evolving risk landscape. With Open-Source Intelligence (OSINT), companies can continuously pull publicly available data to gather real-time intel for a 360-degree view of their network’s cyber posture. 

 

It’s also critical to go beyond using classification-based models to identify which vendors are vulnerable based on inherent risk (assuming no controls are in place). Risk should be determined using a real probabilistic study to predict the complete financial impact of proactive measures. Tech can enable businesses to look at all the controls in place and figure out the weakness/effectiveness of those controls — as well as the frequency of attack or compromise. With this information, you have a true, accurate look at what that risk means for your company specifically.
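
The contrast between inherent-risk ranking and a probabilistic estimate can be shown with a small Monte Carlo simulation. This is an added example, not code from the article or from any vendor product; the vendor names, the figures, and the choice of Poisson attack arrivals with lognormal loss sizes are all assumptions made for illustration.

```python
import math
import random
import statistics

# Constructed vendor profiles (hypothetical names and numbers, illustration only).
# control_strength = assumed probability that one attack attempt is stopped.
VENDORS = {
    "payroll-processor": {"attempts_per_year": 4.0, "control_strength": 0.99,
                          "loss_median": 2_000_000, "loss_sigma": 1.0},
    "marketing-agency": {"attempts_per_year": 1.5, "control_strength": 0.40,
                         "loss_median": 300_000, "loss_sigma": 0.8},
}


def simulate_year(rng, attempts_per_year, success_prob, loss_median, loss_sigma):
    """Total loss for one simulated year.

    Attempts arrive as a Poisson process (exponential gaps between attempts);
    each one gets past the controls with probability success_prob and then
    costs a lognormally distributed amount.
    """
    total = 0.0
    t = rng.expovariate(attempts_per_year)
    while t < 1.0:
        if rng.random() < success_prob:
            total += rng.lognormvariate(math.log(loss_median), loss_sigma)
        t += rng.expovariate(attempts_per_year)
    return total


def quantify(profile, use_controls, trials=20_000, seed=7):
    """Annual loss statistics, with controls (residual) or without (inherent)."""
    rng = random.Random(seed)
    success_prob = 1.0 - profile["control_strength"] if use_controls else 1.0
    losses = sorted(
        simulate_year(rng, profile["attempts_per_year"], success_prob,
                      profile["loss_median"], profile["loss_sigma"])
        for _ in range(trials)
    )
    return {
        "mean": statistics.fmean(losses),
        "p95": losses[int(0.95 * trials)],
        "prob_any_loss": sum(1 for x in losses if x > 0) / trials,
    }


def rank(vendors, use_controls):
    """Vendor names ordered from highest to lowest expected annual loss."""
    return sorted(vendors,
                  key=lambda name: quantify(vendors[name], use_controls)["mean"],
                  reverse=True)


if __name__ == "__main__":
    for label, flag in (("inherent", False), ("residual", True)):
        print(label, rank(VENDORS, flag))
        for name, profile in VENDORS.items():
            print("  ", name, quantify(profile, flag))
```

With these constructed inputs the inherent view puts the payroll processor first, while the view that accounts for control effectiveness and attack frequency puts the weakly controlled marketing agency first.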

 

Moving Ahead with Cyber Resilience 

Geopolitical challenges and global volatility may be on the rise — but businesses don’t have to let the bad guys win. Tech can enable businesses to move beyond meaningless cyber scores and checklists for vendors. While a bird’s eye view may show a decent cyber rating, the weeds can reveal a massive opportunity for bugs, CVE codes, and severities to thrive. By efficiently assessing and continuously monitoring the cyber health of your supply chain, it’s possible to stay to the left of boom.

 

Bob Maley, Inventor, CISO, Author, Futurist, and OODA Loop fanatic is the Chief Security Officer at Black Kite, a third-party cyber risk intelligence provider. He has been a leader in security for decades, initially in physical security as a law enforcement officer. Prior to joining Black Kite, Bob was the head of PayPal’s Global Third-Party Security & Inspections team. He also served as chief information security officer for the Commonwealth of Pennsylvania. Bob’s certifications include CRISC, CTPRP, OpenFAIR and CCSK.

Copyright ©2025. All Rights Reserved BNP Media.