Third-party vendors pose serious cybersecurity threat to national security
In this Help Net Security video, Paul Prudhomme, Principal Security Analyst at SecurityScorecard, discusses the findings of the 2024 Redefining Resilience: Concentrated Cyber Risk in a Global Economy Research report.
This research details a surge in adversaries exploiting third-party vulnerabilities and uncovers an extreme concentration of cyber risk in just 15 vendors, posing a serious threat to national security and global economies.
Key findings include:
- 150 companies account for 90% of the technology products and services across the global attack surface.
- 41% of those companies had evidence of at least one compromised device in the past year.
- 11% had evidence of a ransomware infection in the past year.
- 62% of the global external attack surface is concentrated in the products and services of just 15 companies.
- The top 15 third parties have below-average cybersecurity risk ratings – indicating a higher likelihood of breach.
- Ransomware operators Cl0p, LockBit, and BlackCat systematically target third-party vulnerabilities at scale.
- State-sponsored threat actors can find an internet-facing device within five minutes of connecting it.