Unauthorized network access most common cause of third-party attacks

Image via Unsplash

Black Kite’s annual Third-Party Breach Report was released for 2022. The report examines the impact of third-party cyber breaches. The level of breach impact doubled in 2022 with 4.73 affected companies per vendor compared to 2.46 companies per vendor in 2021. With 63 third-party breaches analyzed and 298 publicly disclosed victims last year, the magnitude of attack continues to increase, putting organizations at heightened risk in 2023.

The report’s key findings include:

Unauthorized network access was the most common root cause of third-party attacks, initiating 40% of the third-party breaches last year.
Ransomware accounted for 27% of third-party breaches in 2022 — a decrease from 2021.
The average time between an attack and the disclosure date was 108 days, with a 50% increase from 2021 — giving threat actors more time to cause significant damage with stolen data.
Technical services vendors (providing infrastructure services) were the top target of third-party breaches. In the top three for a fourth consecutive year, these vendors were included in 30% of incidents.
The healthcare industry was the most common victim of third-party breaches accounting for 34% of incidents 2022 — an increase from 2021 — followed by finance (14%) and government (14%).

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.