Black Kite’s Third Party Breach Report Highlights Evolving Cyber Risks in 2024
In a recent release from Black Kite, a prominent player in third-party cyber risk intelligence, the findings of their sixth annual Third Party Breach Report reveal alarming trends regarding cybersecurity breaches over the past year. The report, which analyzes both public breaches and regulatory filings from 2024, alongside proprietary research from the Black Kite Research and Intelligence Team (BRITE), brings to light a concerning dominance of so-called "silent breaches" within interconnected digital ecosystems.
These silent breaches, often unnoticed until significant damage has been done, were harnessed by threat actors who exploited systemic vulnerabilities. This misuse of trusted vendor relationships not only caused disruption to individual organizations but also triggered a chain reaction that affected entire industries, most notably in healthcare, retail, and logistics.
Ferhat Dikbiyik, Black Kite’s Chief Research and Intelligence Officer, pointed out that while digital interconnectedness fosters innovation and efficiency, it simultaneously increases the risk landscape. He emphasized that the exploitation of a solitary vulnerability can result in widespread repercussions, underscoring the need for businesses to reassess their cybersecurity strategies in light of these findings.
The report shed light on several critical trends regarding attack methods. Unauthorized access to networks was linked to over half of the disclosed breaches involving third parties in 2024. Concurrently, ransomware attacks remained a significant threat, comprising 66.7% of recognized attack techniques, with attackers increasingly leveraging third-party avenues to enhance their destructive impact. Furthermore, the exploitation of software vulnerabilities, particularly zero-day flaws affecting key network devices and applications, continued to pose formidable risks to organizations reliant on outdated or improperly configured systems.
Credential misuse emerged as another notable contributor to data breaches, accounting for nearly 8% of recognized methods. This rise can be traced back to data leaks and public information available on dark web marketplaces, which were exploited using automated tools for credential stuffing and brute-force intrusions. Interestingly, the report indicated a shift in the landscape of third-party breaches, with one in four incidents stemming from software vendors, as opposed to more traditional targets, reflecting a growing tendency among cybercriminals to exploit software supply chains amid increasing organizational digitization.
The report not only highlighted significant threats but also identified improvements in cybersecurity measures taken following incidents. Healthcare vendors, responsible for 9% of all reported third-party breaches, showed marked improvement, with 62.5% achieving better risk management practices post-incident, partially driven by rigorous regulatory frameworks like HIPAA. In contrast, only 21.7% of software service providers, facing less regulatory scrutiny, managed measurable enhancements in their cybersecurity posture.
According to the findings, healthcare organizations were the primary targets for third-party breaches, constituting 41.2% of incidents in 2024. This vulnerability is primarily driven by the high value associated with patient data and significant operational dependencies on third-party providers. The finance and insurance sector (14.9%) and manufacturing industry (14%) also reported notable breach incidents, underscoring a disproportionate risk faced by these essential sectors as cyber threats continue to evolve.
Also included in the report are analyses of significant cyber incidents from 2024, involving organizations such as Cencora, Change Healthcare, and Snowflake, along with strategic recommendations for businesses striving to bolster their cybersecurity defenses. The recommendations call for proactive monitoring, thorough risk assessments, and fostering collaboration with vendors to prevent disruptive breaches.
For organizations looking to better understand and mitigate their cyber risk exposure, reading the full Black Kite report is advised. It is available for access on their website, where further insights into effective cybersecurity practices can also be found.
Cyber resilience remains an imperative for organizations across all sectors, as the evolving tactics outlined in the MITRE ATT&CK framework—such as initial access, privilege escalation, and lateral movement—illustrate the sophisticated methods employed by today’s adversaries. As businesses navigate this complex threat landscape, the lessons drawn from 2024’s breaches will provide valuable guidance in strengthening defenses against the persistent and evolving nature of cyber threats.
