What You Should Know:
– The healthcare industry continues to be the most heavily targeted sector, accounting for 41.2% of third-party breaches in 2024, according to new report from Black Kite.
– Black Kite’s sixth annual Third Party Breach Report reveals a concerning trend in cybersecurity: the rise of “silent breaches.” These hidden vulnerabilities within interconnected ecosystems wreaked havoc across industries in 2024, with threat actors exploiting trusted vendor relationships to launch devastating attacks.
– The report, compiled by the Black Kite Research and Intelligence Team (BRITE), provides a deep analysis of public breaches and regulatory filings from 2024, along with proprietary data. It highlights the evolving tactics of cybercriminals and underscores the urgent need for organizations to strengthen their third-party risk management practices.
Healthcare Security Vulnerability
The report reveals that healthcare security vulnerability stems from the high value of patient data, reliance on third-party providers, and inherent security challenges within the healthcare ecosystem. Despite the concerning trends, the report also reveals some positive developments. Healthcare vendors showed the most significant improvement in cybersecurity posture after incidents, with 62.5% achieving better security ratings. This improvement is likely driven by regulatory requirements like HIPAA, which mandate robust security measures.
Other key findings from the report include:
– Unauthorized Network Access: Over 50% of publicly disclosed third-party breaches in 2024 involved unauthorized network access, highlighting the importance of securing access points and protecting sensitive data.
– Ransomware Remains a Threat: Ransomware continued to be a major disruptor, accounting for 66.7% of known attack methods. Attackers are increasingly leveraging third-party vulnerabilities to amplify the impact of ransomware attacks.
– Software Vulnerabilities: Exploiting software vulnerabilities, including zero-day vulnerabilities, remained a common tactic in 2024. Unpatched or misconfigured systems continue to be an easy target for attackers.
– Credential Misuse on the Rise: Nearly 8% of known attack methods involved credential misuse, highlighting the need for strong password security and multi-factor authentication.
– Shift Towards Software Vendors: One in four third-party breaches originated with software vendors, indicating a growing focus on targeting software supply chains.
“Digital interconnectedness drives progress, but it also heightens risk. Because of our increasing reliance on software platforms and tools, the exploitation of a single vulnerability can have a catastrophic impact,” said Ferhat Dikbiyik, chief research and intelligence officer at Black Kite. “Amidst these challenges, critical lessons emerged, revealing pathways to resilience and improved cybersecurity practices. BRITE research offers a detailed look at these findings to inform cybersecurity leaders as they build their 2025 strategies.”