Third Parties and Machine Credentials: Key Contributors to 2025’s Security Breaches
May 06, 2025
AI Security / Enterprise IT
The 2025 Verizon Data Breach Investigations Report (DBIR) revealed that the most pressing issues in this year’s data breaches weren’t the sensational headlines of ransomware attacks or zero-day vulnerabilities, but rather the pervasive factors enabling these incidents. Two significant contributors have consistently emerged—increased third-party exposure and rampant abuse of machine credentials.
The report highlights a notable surge in third-party involvement in security breaches, with the figure rising from 15% to 30% year over year. This trend illustrates the expanding risk landscape that enterprises face as they rely on an intricate web of partnerships, including contractors and vendors. Simultaneously, adversaries have shifted their focus to machine accounts and poorly governed machine credentials, using them to access systems, escalate privileges, and exfiltrate critical data.
In light of these findings, it is evident that organizations can no longer afford to concentrate solely on safeguarding their employee identities. A comprehensive security strategy must encompass and manage all types of identities—whether human, non-employee, or machine—to adequately defend against emerging threats.
The dynamics of contemporary business necessitate a vigilant approach to third-party risk management. Many organizations find themselves in a complex interplay of collaborations, often struggling to maintain control and visibility over external partners. This increase in connections can inadvertently create vulnerabilities: as access points multiply, the potential for exploitation rises.
The adversary tactics outlined in the MITRE ATT&CK framework are useful for understanding the methods attackers may have employed in the reported breaches. Initial access might have been gained through compromised credentials or phishing, while persistence could have been established using techniques like scheduled tasks or unauthorized software installations. Privilege escalation techniques could then have enabled attackers to gain administrative access, making data exfiltration not only possible but dependable.
As businesses continue to navigate this intricate security landscape, the imperative for robust identity governance becomes increasingly clear. Organizations must begin to implement structured frameworks that monitor and manage all access points, thereby fortifying their defenses against the multifaceted nature of attacks predicated on third-party risk and machine credential exploitation.
Ultimately, the 2025 DBIR serves as a decisive reminder that in today’s threat environment, a holistic approach to cybersecurity is no longer optional but essential. Only by addressing the complexities of identity governance can organizations hope to mitigate risks effectively and protect sensitive data from increasingly sophisticated threats.