98% of organizations worldwide connected to breached third-party vendors

By David Jones

The research comes as organizations are being hit indirectly by attacks on a software supply chain with growing frequency. Vulnerabilities that expose unsuspecting customers or ransomware attacks that create chaos can spell trouble not only for the targeted party, but for downstream customers.

“Visibility is a barrier to first parties in identifying potential vulnerabilities, as is the sheer volume of vendor relationships for organizations across sectors that indirectly exposes them to cyber risk,” Mike Woodward, VP of data quality and trust at SecurityScorecard, said via email.

The SecurityScorecard research is based on the analysis of more than 235,000 primary organizations globally and about 73,000 vendors and products that are used by them directly or used by their vendors. 

A separate report from Black Kite shows attacks on 63 vendor organizations during 2022 impacted almost 300 companies. On average, there were 4.7 impacted companies per vendor in 2022, compared with 2.5 per vendor in 2021. 

The most common vector of these attacks was unauthorized network access, accounting for 40% of the incidents, according to Black Kite. 

While the exact method of access is not usually disclosed or immediately known, unauthorized network access often is due to phishing, stolen credentials or vulnerabilities in access control, according to Bob Maley, CSO at Black Kite.

“The rise in remote work has opened up more opportunities for bad actors to strike,” Maley said via email. “Remote employees are usually operating on public, accessible networks where hackers are able to gain easy entry.”

Read this and more at CYBERSECURITYDIVE
