Unauthorized network access most common cause of third-party attacks

Image via Unsplash

Black Kite’s annual Third-Party Breach Report was released for 2022. The report examines the impact of third-party cyber breaches. The level of breach impact doubled in 2022 with 4.73 affected companies per vendor compared to 2.46 companies per vendor in 2021. With 63 third-party breaches analyzed and 298 publicly disclosed victims last year, the magnitude of attack continues to increase, putting organizations at heightened risk in 2023.

The report’s key findings include:

Unauthorized network access was the most common root cause of third-party attacks, initiating 40% of the third-party breaches last year.
Ransomware accounted for 27% of third-party breaches in 2022 — a decrease from 2021.
The average time between an attack and the disclosure date was 108 days, with a 50% increase from 2021 — giving threat actors more time to cause significant damage with stolen data.
Technical services vendors (providing infrastructure services) were the top target of third-party breaches. In the top three for a fourth consecutive year, these vendors were included in 30% of incidents.
The healthcare industry was the most common victim of third-party breaches accounting for 34% of incidents 2022 — an increase from 2021 — followed by finance (14%) and government (14%).

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Employees don’t feel prepared to navigate an increasingly dangerous world, and they expect their employers to not only care about their personal safety, but to actively keep them safe.