• Third-party breaches are a wake-up call for modern cybersecurity

    From TechnologyDaily@1337:1/100 to All on Wednesday, October 08, 2025 15:15:10

    Date:
    Wed, 08 Oct 2025 14:11:57 +0000

    FULL STORY ======================================================================

    Cybersecurity has never been more critical than in today's hyper-connected world, where businesses increasingly rely on third-party vendors to deliver essential services.

    Yet recent reports, including Verizon's 2025 Data Breach Investigations
    Report (DBIR), reveal a troubling trend: almost a third of cyber breaches
    now involve third-party vendors or external platforms.

    This is not merely an IT challenge; it is a call to reshape how we perceive and address cybersecurity risks in the modern era.

    The growing prevalence of third-party breaches raises questions of accountability, transparency, and the very nature of digital trust.

    As a cybersecurity professional, I see this issue not only as a technical challenge but as an opportunity to rethink our approach to safeguarding information.

    The data is stark, the risks are clear, and the solutions, though within reach, require a collective shift in mindset.

    The expanding risk landscape

    Third-party vendors have become indispensable to the success of modern businesses.

    From software-as-a-service (SaaS) platforms to cloud storage providers, these entities enable organizations to operate efficiently, scale rapidly, and innovate constantly.

    Yet, this dependency comes at a cost: an expanded attack surface that malicious actors are prepared to exploit. The 2025 DBIR highlights alarming trends that cannot be ignored.

    Attacks targeting virtual private networks (VPNs) and edge devices have surged nearly eightfold, and leaked credentials on platforms like GitHub can remain active for an average of 94 days.

    This is more than just a statistic; it is a glaring vulnerability that underscores the interconnected nature of digital ecosystems.

    Simply put, the systems enabling modern operations are also opening doors to cybercriminals, often faster than organizations can close them.

    Why firewalls are no longer enough

    The traditional firewall, once the cornerstone of cybersecurity, is proving increasingly inadequate in the era of third-party risks.

    While firewalls remain essential, their effectiveness diminishes when faced with the complexities of the modern digital landscape.

    The integration of cloud services, Internet of Things (IoT) devices, and remote management capabilities has fundamentally altered how businesses must defend themselves.

    IoT devices, in particular, present a unique challenge. Continuously
    connected to the internet, they offer potential access points not only to authorized administrators but also to global threat actors.

    The question for cybersecurity leaders is no longer whether to deploy firewalls or VPNs; it is how to adapt these tools to a reality where
    third-party involvement is unavoidable and inherently risky.

    Practical steps for mitigation

    Replacing third-party providers may seem like an appealing solution, but it
    is often impractical. Vendors are deeply integrated into business processes, making their removal both challenging and disruptive.

    Instead, organizations must focus on mitigation strategies tailored to specific third-party relationships. Here are some actionable recommendations:

    - Vendors in your software supply chain: Prioritize vulnerability management and network segmentation. For edge devices, limiting exposure to the open internet can significantly reduce risks, especially when patching is delayed.
    - Vendors hosting your data: Evaluate their security and operational resilience through risk questionnaires and Third-Party Cyber Risk Management (TPCRM) solutions. These tools provide quantifiable insights into internal security measures.
    - Vendors connecting to your network: Enforce comprehensive network segmentation, stringent authentication policies, password complexity, API key aging, and multi-factor authentication (MFA). These measures should exceed those applied internally to employees.
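
    An added example, not part of the original article: a small audit of vendor access that checks the controls named in the last item (API key aging, MFA, segmentation) and confirms the vendor policy is no weaker than the employee one. The policy numbers, vendor names, key IDs and segment names are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical policy values; the article gives no concrete numbers.
EMPLOYEE_POLICY = {"max_key_age_days": 180, "mfa_required": True, "min_password_len": 12}
VENDOR_POLICY = {"max_key_age_days": 90, "mfa_required": True, "min_password_len": 16}

@dataclass
class VendorCredential:
    vendor: str
    key_id: str
    issued: date
    mfa_enabled: bool
    segment: str  # network segment the vendor connection terminates in

def policy_gaps(vendor, employee):
    """Settings where the vendor policy is weaker than the employee policy."""
    gaps = []
    if vendor["max_key_age_days"] > employee["max_key_age_days"]:
        gaps.append("max_key_age_days")
    if employee["mfa_required"] and not vendor["mfa_required"]:
        gaps.append("mfa_required")
    if vendor["min_password_len"] < employee["min_password_len"]:
        gaps.append("min_password_len")
    return gaps

def audit(creds, policy, today, allowed_segments):
    """Return (vendor, key_id, finding) for every credential that breaks policy."""
    findings = []
    for c in creds:
        age = (today - c.issued).days
        if age > policy["max_key_age_days"]:
            findings.append((c.vendor, c.key_id, f"key is {age} days old, rotate"))
        if policy["mfa_required"] and not c.mfa_enabled:
            findings.append((c.vendor, c.key_id, "MFA not enabled"))
        if c.segment not in allowed_segments:
            findings.append((c.vendor, c.key_id, f"lands in non-vendor segment {c.segment}"))
    return findings

# Constructed sample inventory (not real vendors or keys).
TODAY = date(2025, 10, 8)
INVENTORY = [
    VendorCredential("hvac-vendor", "key-001", date(2025, 9, 1), True, "vendor-dmz"),
    VendorCredential("payroll-saas", "key-002", date(2025, 5, 1), True, "vendor-dmz"),
    VendorCredential("msp-remote", "key-003", date(2025, 8, 15), False, "corp-lan"),
]

if __name__ == "__main__":
    print("policy gaps:", policy_gaps(VENDOR_POLICY, EMPLOYEE_POLICY))
    for finding in audit(INVENTORY, VENDOR_POLICY, TODAY, {"vendor-dmz"}):
        print(*finding, sep=" | ")
```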

    These practices are essential, but let's be honest: they are not a complete solution. The interconnected nature of networks means that no single organization can achieve true security on its own. Collaboration is not just
    a buzzword; it is a necessity.

    From accountability to transparency

    Holding vendors accountable for their cybersecurity practices is a critical first step, but it is not the whole solution. Organizations must cultivate an environment of transparency and information sharing, paving the way for structured frameworks for threat modeling.

    Collaborative efforts between companies and their third-party partners are vital to making informed decisions that protect data and, ultimately, the customers who entrust businesses with their information.

    Transparency in third-party relationships can transform cybersecurity from a reactive discipline to a proactive strategy. It is about creating a culture where risks are openly discussed, shared, and mitigated collectively.

    A collective responsibility

    We are at a crossroads. The challenges posed by third-party breaches are not isolated incidents; they are shared vulnerabilities that demand collective action. Cybersecurity leaders must embrace transparency, collaboration, and advanced mitigation strategies, redefining security in a connected world, not
    as an unattainable ideal, but as a shared responsibility.

    If we fail to act, the consequences will be severe, not just for businesses but for the broader digital ecosystem we all rely on. The time to address third-party breaches is now. The stakes are higher than ever, but the solutions lie within our grasp.

    What's needed is not just innovation but unity: a commitment to safeguarding the interconnected world we have built together.

    This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



    ======================================================================
    Link to news story: https://www.techradar.com/pro/third-party-breaches-are-a-wake-up-call-for-modern-cybersecurity


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)