Security News > 2024 > March > 98% of businesses linked to breached third parties

98% of businesses linked to breached third parties
2024-03-01 04:30

75% of external business-to-business relationships that enabled third-party breaches involved software or other technology products and services.

The remaining 25% of third-party breaches involved non-technical products or services.

Notorious cybercrime group Cl0p was responsible for 64% of attributable third-party breaches in 2023, followed only by LockBit at a mere 7%. The preeminence of Cl0p was due in large part to its large-scale exploitation of a zero-day vulnerability in MOVEit file transfer software, which was also the most frequently mentioned vulnerability.

The three most widely exploited vulnerabilities were involved in 77% of all third-party breaches involving a specified vulnerability.

Approximately 29% of all breaches in 2023 were attributable to a third-party attack vector.

Healthcare and financial services emerged as the sectors most heavily impacted by third-party breaches, with healthcare accounting for 35% of total breaches and financial services accounting for 16%. The complex ecosystem of third-party relationships may shed light on why healthcare experiences so many breaches in general and third-party breaches in particular.


News URL

https://www.helpnetsecurity.com/2024/03/01/supply-chain-third-party-breaches/