Unauthorized network access most common cause of third-party attacks

Image via Unsplash

Black Kite’s annual Third-Party Breach Report was released for 2022. The report examines the impact of third-party cyber breaches. The level of breach impact doubled in 2022 with 4.73 affected companies per vendor compared to 2.46 companies per vendor in 2021. With 63 third-party breaches analyzed and 298 publicly disclosed victims last year, the magnitude of attack continues to increase, putting organizations at heightened risk in 2023.

The report’s key findings include:

Unauthorized network access was the most common root cause of third-party attacks, initiating 40% of the third-party breaches last year.
Ransomware accounted for 27% of third-party breaches in 2022 — a decrease from 2021.
The average time between an attack and the disclosure date was 108 days, with a 50% increase from 2021 — giving threat actors more time to cause significant damage with stolen data.
Technical services vendors (providing infrastructure services) were the top target of third-party breaches. In the top three for a fourth consecutive year, these vendors were included in 30% of incidents.
The healthcare industry was the most common victim of third-party breaches accounting for 34% of incidents 2022 — an increase from 2021 — followed by finance (14%) and government (14%).

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.