NEW YORK–(BUSINESS WIRE)–
SecurityScorecard today released its Global Third-Party Cybersecurity Breach Report. Using the world’s largest proprietary risk and threat data set, SecurityScorecard STRIKE threat hunters analyzed threat groups’ mass exploitation of supply chain vulnerabilities.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240228143611/en/
(Graphic: SecurityScorecard)
Key findings include:
-
75% of third-party breaches targeted the software and technology supply chain
Technology supply chain vulnerabilities enable threat actors to scale their operations with minimal effort. With 75% of organizations at the highest levels of maturity saying their third-party risk program is manual as of 2021,1 companies must work toward automating vendor identification and cyber risk management across their entire digital ecosystem.
-
64% of third-party breaches linked to C10p
Notorious cybercrime group C10p was responsible for 64% of attributable third-party breaches in 2023, followed only by LockBit at a mere 7%. C10p’s dominance was fueled by extensive attacks exploiting a critical zero-day vulnerability in…
