Ninety-eight percent of organizations have been associated with one or more third parties which were impacted by data breaches
over the past two years, SecurityWeek
Moreover, more than 50% were indirectly related to over 200 breached fourth-party entities, according to a SecurityScorecard report. While the findings do not indicate the organizations being compromised as a result of such relationships, it reveals their exposure to supply chain risks, researchers said.
"We define a breach as any incident where parties gain unauthorized access to computer data, applications, networks, or devices. The parties could be intruding threat actors who bypass or penetrate security mechanisms from the internet, or they could be organization insiders who abuse their privileged access to data and resources," said SecurityScorecard Vice President of Data Quality and Trust Mike Woodward.
Meanwhile, The Cyentia Institute co-founder and partner Wade Barker noted that the report sheds light on the importance of cyber risk management throughout the digital supply chain.
"By having full visibility into the security posture of their third and fourth parties, organizations can work with their vendors to address any cybersecurity gaps they may have in their infrastructure and, in turn, reduce their own level of cyber risk," Barker added.