Complete Story


Supply Chain Account Takeover: How Criminals Exploit Third-Party Access


It’s important for businesses of all sizes to not only view their suppliers’ attack surface as their own but also extend some of their security protections.

Empower Your Suppliers Against Attack

The average business shares data with a complex network of third parties, depending on their operational needs. In a survey of security and risk professionals, Forrester learned that the average business has 4,700 third-party partners with some access to corporate data.

Third-party relationships extend your attack surface in ways that are hard to monitor and control. Just 14 percent of the respondents to Forrester’s survey said they were confident they could effectively track all their third parties.

Among the most insidious and potentially damaging of these threats is account takeover (ATO), where cybercriminals obtain email and password combinations and use them to gain unauthorized access to corporate networks. This provides criminals a springboard for a variety of attack types. Data collected from the criminal underground suggests there is a constant risk of ATO to large enterprises. SpyCloud research into risk among Fortune 1000 companies showed a total of 23 million exposed corporate credentials with a high rate of password reuse.


Printer-Friendly Version