A new Third-Party Breach report from Black Kite indicates that while the overall number of third-party breaches decreased marginally in 2022, the assaults affected almost twice as many victims and caused more damage to the healthcare sector than to any other industry. Researchers based their conclusions on a subset of data focusing on sixty-three third-party occurrences that caused a chain reaction of breaches throughout 2022. Nearly sixty-three assaults against suppliers resulted in third-party breaches that affected approximately three hundred victims of data breaches. This year, the rate of breach impact, measured as companies harmed per vendor, was 4.73, a significantly higher figure than that of 2021, when the rate was 2.46. Black Kite tied the rise in victims to the ‘cascading risk theory’, which holds that an accumulation effect is present: when one third party is compromised, other associated vendors are put in similar danger. Researchers defined this phrase in their work as a “chain of causality that occurs when risk and accumulated vulnerabilities interact to raise the possibility of attack.”
The report found that unauthorized parties generally access network credentials through the following:
- stolen credentials
- vulnerabilities in access control
- all of the above
Almost forty percent of the examined breaches were enabled through illegal network access, which was also a primary reason for most third-party data breaches. Ransomware, which accounted for twenty-nine percent of attacks, was the second most prominent reason for data breaches, yet this is a significantly improved figure from the previous year. This is explained in the report:
‘One possible reason for this decrease is that threat actors paused ransomware attacks due to the Russia-Ukraine war. Along with this, a number of sanctions were announced against Russia, including banking restrictions. These restrictions are believed to hinder the ability of Russian-based cybercriminals to buy or rent internet infrastructure and cash out the proceeds from ransomware scams.’
Many industries are subject to third-party breaches with the ever-increasing prevalence of technology and intricate systems; however, it is evident that the healthcare industry was affected to the most severe degree in the previous year. Approximately thirty-five percent of all third-party attacks can be attributed to the healthcare industry alone. This is a two percent increase from the previous year of analyzed third-party attacks.