The Register: Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year

Source URL: https://www.theregister.com/2025/04/24/security_snafus_third_parties/
Source: The Register

Feedly Summary: Cybercriminals are targeting software shops, accountants, lawyers
The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems.…

Summary: The text highlights a trend in which cybercriminals increasingly target third-party relationships: the percentage of confirmed data breaches involving third parties doubled last year. This is particularly relevant for professionals involved in software security and information security, as it underscores the risks associated with supply chains and partner ecosystems.

Detailed Description: The content outlines the escalating threat of cybercriminals focusing on software vendors and professional services like accounting and legal firms. This trend points to critical vulnerabilities in information security and emphasizes the need for robust security practices across third-party relationships.

– **Rising Threats**: The text reports that the percentage of confirmed data breaches involving third-party relationships doubled last year, indicating a significant increase in the exploitation of supply chain vulnerabilities.

– **Targeted Industries**: Specific sectors such as software development, accounting, and legal services have become prime targets, which raises alarms about the security practices in these industries.

– **Supply Chain Vulnerabilities**: Cybercriminals are focusing on weak links in partner ecosystems, suggesting that organizations need to evaluate their supply chain security measures more rigorously.

– **Practical Implications**:
  – Enhanced due diligence when selecting third-party vendors could mitigate risks.
  – Regular security assessments and compliance checks of partners are necessary to minimize exposure to breaches.
  – Organizations should consider adopting a Zero Trust approach that emphasizes strict verification regardless of the network location.

By addressing the vulnerabilities highlighted in this content, security professionals can develop more effective strategies to protect their organizations against the evolving threats posed by cybercriminals targeting third-party relationships.