Cybersecurity
Third-party vendors pose serious cybersecurity threat to national security
In this Help Net Security video, Paul Prudhomme, Principal Security Analyst at SecurityScorecard, discusses the findings of the 2024 Redefining Resilience: Concentrated Cyber Risk in a Global Economy Research report.
This research details a surge in adversaries exploiting third-party vulnerabilities and uncovers an extreme concentration of cyber risk in just 15 vendors, posing a serious threat to national security and global economies.
Key findings include:
- 150 companies account for 90% of the technology products and services across the global attack surface.
- 41% of those companies had evidence of at least one compromised device in the past year.
- 11% had evidence of a ransomware infection in the past year.
- 62% of the global external attack surface is concentrated in the products and services of just 15 companies.
- The top 15 third parties have below-average cybersecurity risk ratings – indicating a higher likelihood of breach.
- Ransomware operators Cl0p, LockBit, and BlackCat systematically target third-party vulnerabilities at scale. State-sponsored threat actors can find an internet-facing device within five minutes of connecting it.