**UK**: The Verizon Data Breach Investigations Report reveals third-party related breaches doubled to 30%, spotlighting supply chain vulnerabilities. Key risks include credential misuse, delayed fixes, ransomware, and human error, urging improved vendor security and mandatory MFA to protect critical infrastructure and sensitive data.

A recent report reveals a significant increase in data breaches linked to third-party relationships, highlighting a growing security challenge in supply chains and partner ecosystems. The Verizon Data Breach Investigations Report (DBIR), covering incidents from 1 November 2023 to 31 October 2024, found that breaches involving third-party entities doubled from 15% in the previous year to 30% in the current period.

This year’s DBIR, one of the cybersecurity industry’s most closely examined analyses, attributes this rise to cybercriminals increasingly targeting less secure organisations, such as accountants and law firms, as entry points to larger, more valuable networks. Ilia Kolochenko, CEO of ImmuniWeb and fellow of the British Computer Society, explained during the report launch that attackers are pragmatic about costs and often compromise vulnerable companies to reach main targets.

The report highlights failures by vendors and business partners to enforce robust access controls, including inadequate prevention of credential misuse. A specific concern is the delayed remediation of leaked secrets like API keys or tokens, with the median time to fix such exposures in third-party environments at 94 days—providing ample opportunity for attackers. Additionally, credential reuse was a common vector in notable breaches, such as one involving Snowflake, where lack of mandatory multi-factor authentication (MFA) enabled access to customer accounts using previously compromised credentials.

Verizon outlined several additional trends from its 117-page report. Exploitation of software vulnerabilities for initial access grew by 34% year-over-year and now accounts for one in five breaches. Only 54% of vulnerabilities in perimeter devices were fully fixed, with an average remediation time of 32 days. Ransomware incidents were involved in 44% of breaches, marking a 37% increase from the previous year, although the median ransom payment dropped to $115,000, and 64% of organisations refused to pay ransoms altogether.

Human error remained a significant factor, contributing to 60% of breaches, a statistic consistent with the prior year. State-sponsored cyberattacks with financial motives represented 28% of such incidents, while espionage-focused operations comprised 17%. The report also noted a doubling of malicious emails containing AI-generated content over two years, rising from approximately 5% to 10%, and that 15% of employees regularly used generative AI tools on work devices, increasing the risk of data leaks.

High-profile breaches included attacks on major organisations such as Santander and Ticketmaster. These breaches were linked to the ShinyHunters group, which used stolen credentials to access Snowflake customer accounts, compromising hundreds of millions of records. Verizon emphasised that the incident was partly due to roughly 80% of the affected accounts having exposed credentials before the attack, as well as Snowflake’s initial lack of mandatory MFA, a security gap swiftly addressed following the breach.

The report notes that securing infrastructure provided as a service remains more challenging than managing on-premises assets, particularly when security responsibilities are divided among multiple parties. It stresses the importance of secure-by-default standards on cloud platforms, as evidenced by Snowflake’s rapid policy updates post-incident.

In addition to Snowflake, other major software providers such as CDK Global, Blue Yonder, and Change Healthcare experienced ransomware breaches within the past year. These attacks not only exposed millions of personal records but also caused significant operational disruptions, especially in healthcare, retail, and food service sectors.

Verizon recommends that organisations prioritise cybersecurity during vendor selection and contract negotiations, explicitly specifying third-party security obligations to improve accountability. Implementing fundamental controls—such as mandatory MFA, network segmentation, strict authentication policies, and regular API key rotation—is also urged to mitigate risk.

Concluding the report, Verizon acknowledged the inherent difficulty in fully preventing some cyber threats but underscored that transparency, collaboration, and information sharing between organisations and their suppliers are crucial to building effective threat models and safeguarding sensitive data over the long term.

Source: Noah Wire Services
