By John Bruggeman, CSO Magazine
Your security is only as strong as your sketchiest vendor; since 35% of breaches start with partners, it’s time to worry about their firewalls, not just yours.
Over the last four years, I’ve watched organizations get blindsided by threats that originated in a third-party network. More than 35% of data breaches are caused by a compromised vendor or partner, not by any failure in the organization’s controls. While many organizations know that the biggest threats to their security come from forces entirely outside their control, that risk is accelerating this year.
Some of those forces come from beyond their network and even far beyond their region. International conflict is influencing attacker behavior in ways that are showing up far from conflict zones. AI-driven automation is reducing the effort required to exploit systems and people. Third-party risk continues to be the most common reason well-defended organizations still suffer serious incidents.
These three factors are creating an environment that is heightening cybersecurity risk. I work with organizations that invest in security, quantify risk and take resilience seriously. Yet when something truly disruptive happens, it is rarely because a basic control was missing. Security is only as strong as the weakest link in a chain that extends far beyond an organization’s firewall — and those weak links are multiplying.
Geopolitics amplify cyber risk, particularly for OT networks
For a long time, geopolitical conflicts felt like a separate category of risk. If you did not operate in or near a conflict zone, it was easy to assume it posed little risk to your organization or your security posture. In my experience, that assumption no longer holds.
In my previous position, we had an office in Israel, so I was always alert and aware of tensions and conflicts in that area. What I see consistently is that techniques used in active geopolitical conflicts do not stay contained to that geographic area or digital environment. The techniques and tactics are tested, refined and then used by criminal groups and other threat actors. Eventually, they surface in environments that have nothing to do with the original conflict.