News
Matt Aldridge, OpenText Cybersecurity comment: 75% of cyber security breaches originated through a third-party occurred after victim’s supply chain was attacked
February 2024 by Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions
New cyber intelligence research revealed that approximately 75% of all recorded cyber security breaches that originated through a third-party occurred after other entities in the victim’s software and technology supply chain were attacked.
Third-party breaches account for about 29% of all breaches according to the research and it is no surprise that healthcare and financial services emerged as the sectors most victimised by third-party breaches, including supply chain attacks.
In response to this, Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity has commented offering advice to businesses that operate within a supply chain on how to protect against cyber attacks via third parties.
In today’s unpredictable threat landscape, companies need to be extra vigilant when engaging with any third parties. Organisations should be responsible for all information entrusted to them, whether the data is stored and transmitted internally or is processed by third-party entities. Security cannot take a back seat with hackers stepping up their game and being successful in their attacks.
Businesses of all sizes need to prioritise the security of critical and personal information, as you’re never too small or large to be a target. A key learning lesson here is to ensure that your own security processes are up to date, as well as that third parties who access your network adhere to your security processes.
Businesses must be aware of the weaknesses of third-party integrations and take appropriate measures to secure them. IT leaders should consider cybersecurity standards and protocols when selecting third-party integrations, and ensure that an information-sharing agreement is in place to report security breaches. This can enhance security and help prevent data leaks. To limit the impact of these attacks, businesses that hold private information should ensure they have clearly defined security policies and procedures to avoid any leak of information. This starts with employee education, which underscores all effective cyber resilience and data protection strategies. Security awareness training programmes can now inform and educate employees on the latest threats in real-time, including information security, social engineering, malware, and industry-specific compliance topics.
