Third-party attacks: A growing threat
Third-party attacks have emerged as one of the most critical threats in the modern cyber landscape. Adversaries increasingly exploit vulnerabilities within external vendors, suppliers, contractors, and service providers to gain indirect access to target organizations, often with severe consequences. These breaches can lead to significant data loss, operational disruption, regulatory penalties, and reputational damage. As a result, third-party risk management (TPRM) is no longer just an IT concern, it’s a board-level imperative essential to protecting sensitive data and maintaining customer trust.
In our 2025 State of the Underground report, we observed a 43% year-over-year increase in data breaches shared on underground forums, with US organizations representing nearly 20% of all identified victims.
Moreover, we uncovered 2.9 billion unique sets of compromised credentials leaked throughout 2024, marking a sharp rise from the 2.2 billion recorded in 2023. I don’t mean to be dramatic, but that is a HUGE increase. These findings underscore the escalating urgency for organizations to implement robust TPRM…
