Supply Chain Security Mitigating Third-Party Risks
Supply chain cyberattacks have exploded by a staggering 431% between 2021 and 2023, transforming what was once a manageable risk into a critical threat that keeps executives awake at night.
As organizations increasingly rely on complex webs of third-party vendors and suppliers, cybercriminals are exploiting these interconnected relationships to devastating effect, forcing companies to fundamentally rethink their approach to third-party risk management.
The New Reality of Interconnected Vulnerability
Today’s digital supply chains have evolved far beyond simple linear relationships into what experts describe as “a tangled, hyperconnected mess — more like a drawer full of knotted cables than a neat chain”.
This complexity has created numerous entry points for malicious actors, with nearly 15% of all breaches now involving third-party compromises.
The manufacturing sector has emerged as particularly vulnerable, showing cyber risk scores 11.7% below the global average due to its heavy reliance on automation and sensitive intellectual property.
The scale of the threat has prompted a significant shift in how organizations prioritize risks.
According to a recent EY survey of 500 executives, operational risk has now become the top concern in third-party risk management, followed closely by financial, cybersecurity, privacy, and regulatory risks.
This represents a fundamental change from traditional risk models that primarily focused on financial impact.
High-Profile Attacks Demonstrate Widespread Impact
Recent incidents underscore the devastating potential of supply chain attacks. The 2020 SolarWinds breach, where hackers infiltrated the company’s Orion IT monitoring software, impacted over 18,000 organizations including government agencies and Fortune 500 companies.
Similarly, the 2021 Kaseya attack exploited a zero-day vulnerability in remote management software, affecting between 800 and 1,000 businesses globally, including schools in New Zealand and supermarkets in Sweden.
Most recently, a supply chain attack against the GitHub Actions component tj-actions/changed-files exposed secrets across more than 23,000 repositories, demonstrating how quickly a single compromise can cascade across the software development ecosystem.
The incident exposed AWS access keys, GitHub personal access tokens, and private RSA keys, forcing countless organizations to conduct emergency security reviews.
Organizations Implement Stricter Controls
In response to these escalating threats, companies are dramatically tightening their third-party oversight practices.
The percentage of organizations willing to escalate enterprise processes when third parties fail to respond to security questionnaires has jumped from 70% to 87%, while those prepared to cease operations entirely has increased from 17% to 29%.
When risks are identified during assessments, 57% of companies now choose remediation compared to just 17% in 2023. Organizations are also adopting more sophisticated risk tiering approaches, classifying vendors into three categories based on criticality and risk levels.
Tier 1 vendors — those with high criticality and high risk — now face intensive scrutiny including in-depth assessments, on-site security teams, and “one strike and you’re out” policies.
Regulatory and Framework Response
Government agencies have responded with comprehensive guidance frameworks.
The National Institute of Standards and Technology (NIST) updated its Special Publication 800-161 in 2022, providing organizations with detailed cybersecurity supply chain risk management practices.
The Cybersecurity and Infrastructure Security Agency (CISA) has released specialized handbooks for small and medium-sized businesses, recognizing that supply chains are only as strong as their weakest links.
President Biden has further elevated the issue by establishing a White House Council on Supply Chain Resilience through executive order, with goals of building “resilient, diverse, and secure supply chains” through closer cooperation with allies and partners.
Best Practices Emerge for Risk Mitigation
Industry experts recommend a multi-layered approach to third-party risk management.
Key strategies include implementing continuous monitoring systems rather than relying solely on periodic assessments, establishing clear security requirements in all vendor contracts, and maintaining detailed documentation of all third-party relationships and their associated risks.
Organizations are also investing in threat intelligence platforms and automated monitoring services to track changes in vendors’ financial health and cybersecurity posture in real-time.
Regular communication and dialogue with third parties have proven essential, as proactive engagement helps identify potential issues before they escalate into security incidents.
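The tj-actions/changed-files incident described above and the recommendation to keep detailed documentation of third-party relationships both come down to the same practical question: which external code does a pipeline pull in, and at what version? The following Python script is an added example, not code from the original article or from any project it names. It scans a GitHub Actions workflow for `uses:` references, records each one as an inventory entry, and flags references that resolve a mutable tag or branch rather than a full 40-character commit SHA, which is the pinning practice GitHub's own hardening guidance recommends. The workflow text and the commit SHA inside it are constructed for illustration, and `trusted_owners` is a hypothetical allow-list parameter for first-party action owners.

```python
import re

# Constructed sample workflow for illustration; not taken from any real repository.
# The 40-character SHA below is a placeholder, not a verified upstream commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      - run: echo build
"""

# Line-oriented match for `uses:` entries (optionally quoted, comments stripped).
# This is deliberately not a full YAML parser; it only needs the reference text.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)["\']?', re.MULTILINE)
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def parse_uses(workflow_text):
    """Return every action reference found in the workflow, in order."""
    return USES_RE.findall(workflow_text)


def classify_reference(ref):
    """Classify one `uses:` reference.

    'local'       - a path inside the repository (./...), no external fetch
    'docker'      - a container image reference; pin by digest separately
    'missing-ref' - owner/repo with no @ref at all (resolves to default branch)
    'pinned'      - @<full 40-hex commit SHA>, immutable
    'unpinned'    - @tag or @branch, which the upstream owner (or an attacker
                    controlling the upstream repo) can retarget at any time
    """
    if ref.startswith('./'):
        return 'local'
    if ref.startswith('docker://'):
        return 'docker'
    if '@' not in ref:
        return 'missing-ref'
    _, version = ref.rsplit('@', 1)
    return 'pinned' if FULL_SHA_RE.match(version) else 'unpinned'


def inventory(workflow_text):
    """Map each referenced action to its pinning status: the record a
    third-party dependency register would keep for a CI pipeline."""
    return {ref: classify_reference(ref) for ref in parse_uses(workflow_text)}


def audit_workflow(workflow_text, trusted_owners=()):
    """Return findings for references that can change underneath the workflow.

    trusted_owners (hypothetical allow-list) marks owners whose actions are
    treated as first-party; everything else is a third-party dependency.
    """
    findings = []
    for ref, status in inventory(workflow_text).items():
        if status in ('unpinned', 'missing-ref'):
            owner = ref.split('/', 1)[0]
            findings.append({
                'ref': ref,
                'status': status,
                'third_party': owner not in trusted_owners,
            })
    return findings


if __name__ == '__main__':
    for ref, status in inventory(SAMPLE_WORKFLOW).items():
        print(f'{status:12s} {ref}')
    for finding in audit_workflow(SAMPLE_WORKFLOW, trusted_owners=('actions',)):
        scope = 'third-party' if finding['third_party'] else 'first-party'
        print(f"FLAG ({scope}, {finding['status']}): {finding['ref']}")
```

Run against the sample, the script lists all five references with their status and flags the two tag-pinned ones, with `tj-actions/changed-files@v45` marked as third-party. A reference pinned to a full commit SHA cannot be silently changed by retargeting a tag upstream, so the `unpinned` findings are the entries to convert (and then keep current through a dependency-update process); the `inventory` output is the kind of per-pipeline record the article says organizations should maintain for their third-party relationships.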
Looking Ahead
As digital transformation continues to expand third-party ecosystems, with companies increasingly relying on cloud services, software-as-a-service providers, and specialized digital platforms, the challenge of securing supply chains will only intensify.
Cybersecurity has now overtaken tariffs as the top concern for supply chain leaders, reflecting the urgent priority organizations place on protecting their extended networks.
The 431% surge in supply chain attacks serves as a stark reminder that in our interconnected digital economy, an organization’s security is only as strong as its most vulnerable vendor.
As we move deeper into 2025, the ability to effectively manage third-party risks will increasingly determine which organizations thrive and which fall victim to the next major supply chain compromise.
The post Supply Chain Security Mitigating Third-Party Risks appeared first on Cyber Security News.