Introduction
In
With high-profile incidents like the Santander breach and over 58% of large UK financial firms experiencing supply chain attacks in 2024, the threat is real, imminent, and rapidly evolving. As we approach Infosecurity Europe 2025, industry leaders are emphasizing proactive, continuous risk management as the new baseline. Here’s a comprehensive look at the state of third-party cyber risks and how companies must adapt to survive.
The Evolving Landscape of Supply Chain Cybersecurity (Digest)
Modern businesses typically engage with hundreds or thousands of vendors, creating an intricate supply chain ecosystem vulnerable to cyber attacks.
SecurityScorecard’s 2024 report reveals that 50% of all breaches stemmed from third-party vulnerabilities.
Every organization examined was connected to at least one vendor that had been compromised in the last two years.
No industry is immune — even firms with robust cybersecurity frameworks, like Santander, fell victim due to weaknesses in third-party providers.
Orange Cyberdefense found 58% of major UK financial institutions were hit by at least one third-party breach in 2024.
Infosecurity Europe 2025 will host critical discussions on mitigating third-party risk, with experts from RX Global, Bayer, and 4Fox Security.
Dr. Emma Philpot of IASME will moderate a keynote titled “The Evolving Tactics of Supply Chain Attacks.”
RX Global’s CISO, Des Massicott, stressed that assumed trust in vendors is a major weak point without continuous monitoring.
Traditional point-in-time assessments like SIG questionnaires offer only a snapshot and fail to reflect evolving security postures.
Massicott and Steve Cobb agree that yearly vendor evaluations are outdated and ineffective.
Real-time tools and continuous monitoring are essential to detect and prevent threats before they materialize.
Companies with always-on third-party risk management (TPRM) programs detect and neutralize threats 43% faster.
The cybersecurity focus is shifting toward Supply Chain Defense and Response (SCDR) for agile, coordinated actions during incidents.
Tools such as SecurityScorecard and RiskRecon help security teams gain ongoing visibility into vendor health.
RX Global now embeds security protocols earlier in procurement, guided by threat intelligence.
Massicott’s team is transitioning from reactive defense to a resilient, proactive strategy.
Infosecurity Europe 2025 will highlight how threat actors are evolving from random to targeted attacks, exploiting trust between partners.
RX Global is redesigning its incident response to reflect that it’s not “if” a breach happens — but “when.”
Organizations must establish dynamic, intelligent, and integrated approaches to third-party cybersecurity.
Infosecurity Europe marks its 30th anniversary this year and is scheduled from June 3–5 at the London ExCel.
The event will provide attendees with cutting-edge strategies, case studies, and emerging tech in third-party risk management.
Registering for the conference is a step toward securing one’s place in the future of cyber defense.
What Undercode Says:
The rising wave of third-party cyberattacks is a clear signal that traditional security frameworks are no longer sufficient. Organizations are being blindsided not because their internal defenses are weak, but because they’re relying on outdated methods to evaluate external risks. Static assessments and yearly audits are becoming relics in a world where digital threats evolve hourly.
A striking takeaway from the SecurityScorecard data is that every organization studied was linked to at least one previously breached vendor. This exposes a chilling reality: businesses today are only as secure as their most vulnerable partner. And in many cases, those partners operate with minimal oversight or transparency, leaving organizations blind to hidden dangers.
Steve Cobb’s insights reflect a crucial pivot in thinking — that vendor risk must be treated as a live, evolving threat, not a checkbox exercise. Real-time visibility and always-on monitoring aren’t optional; they are foundational to modern cyber defense. The speed at which companies can detect and react to third-party breaches determines whether they stay operational or end up in the headlines.
Des Massicott’s commentary adds another critical layer — the psychology of trust. Too often, businesses assume compliance equals security. A vendor might pass onboarding assessments, but without ongoing checks, their security posture can deteriorate rapidly, creating unseen vulnerabilities.
The emphasis on Supply Chain Defense and Response (SCDR) is an encouraging sign that the industry is moving beyond passive defenses. This model fosters interdepartmental coordination, threat intelligence sharing, and a war-room mindset, enabling faster response when breaches occur.
Massicott’s mention of embedding security early in the procurement lifecycle is particularly strategic. By involving cybersecurity professionals during the vendor selection phase, companies can filter out high-risk partners before contracts are signed. Additionally, using tools like RiskRecon provides the much-needed capability to track a vendor’s digital hygiene over time.
At the policy level, companies must move toward continuous compliance — where security is an ongoing process, not a once-a-year ritual. This includes educating employees on the risks of third-party interactions, enforcing access controls, and having a breach-ready incident response plan tailored to supply chain attacks.
As attackers evolve, so too must defenders. Opportunistic, broad-spectrum attacks are giving way to highly targeted campaigns that exploit trust between organizations. Cybercriminals no longer need to break in through the front door; they can slip in through a trusted partner’s unlocked window.
References:
Reported By: www.infosecurity-magazine.com