Third Parties Became the Biggest Threat to Cybersecurity in 2024
Black Kite, a leader in third-party cyber risk intelligence, has released its sixth annual Third Party Breach Report
- |
- Written by Lexi Vander Kolk
Black Kite, a leader in third-party cyber risk intelligence, has released its sixth annual Third Party Breach Report.
This report offers a comprehensive analysis of public breaches and regulatory filings from 2024, alongside exclusive data gathered by the Black Kite Research and Intelligence Team (BRITE). The findings reveal that "silent breaches" hidden within interconnected ecosystems were a major trend in 2024.
Cybercriminals exploited systemic vulnerabilities, using trusted vendor relationships as entry points to cause widespread disruption. This created ripple effects that severely impacted sectors like healthcare, retail, and logistics.
“Digital interconnectedness drives progress, but it also heightens risk. Because of our increasing reliance on software platforms and tools, the exploitation of a single vulnerability can have a catastrophic impact,” said Ferhat Dikbiyik, chief research and intelligence officer at Black Kite. “Amidst these challenges, critical lessons emerged, revealing pathways to resilience and improved cybersecurity practices. BRITE research offers a detailed look at these findings to inform cybersecurity leaders as they build their 2025 strategies.”
Black Kite played a crucial role in helping organizations tackle the challenges of 2024 through FocusTags, advanced modules, and collaborative platforms. Here are the findings:
- Ransomware as a Leading Threat:
Third-party vulnerabilities were key entry points in ransomware attacks, leading to significant disruptions in sectors such as healthcare, manufacturing, and retail. - Unauthorized Network Access:
Comprising 51.7% of publicly reported incidents, unauthorized network access continued to be a widespread challenge, frequently driven by misconfigurations and inadequate access controls. - Credential Misuse and Software Vulnerabilities:
Credential misuse and the slow application of patches, including for zero-day exploits, became significant obstacles in securing third-party systems. - Industry Impacts:
The healthcare, finance, manufacturing, and retail sectors were hit hardest by these incidents, causing ripple effects that disrupted supply chains and undermined stakeholder trust, with finance and insurance at 14.9% and manufacturing at 14%.
There is positive news as well: BRITE’s research reveals that many industries saw improvements in cybersecurity after incidents. Healthcare vendors, responsible for 9% of third-party breaches in 2024, showed the greatest progress, with 62.5% earning better grades following an incident.
This improvement can be partly attributed to regulatory frameworks like HIPAA, which continue to drive stronger cybersecurity practices. Similarly, 33% of financial services providers made notable strides. In contrast, only 21.7% of software services vendors, who face less regulatory pressure, showed measurable improvement.
In conclusion, Black Kite recommends for businesses to make it a priority to strengthen vendor cybersecurity practices, adopt proactive monitoring, and leverage incident learnings to avoid third-party attacks.
