New analysis released by SecurityScorecard reveals that 97 percent of the top 100 US banks have experienced a third-party data breach in the past year.
As banks increasingly rely on third-party vendors for core functions, their exposure to supply chain vulnerabilities increases. Using the largest proprietary risk and threat intelligence dataset, SecurityScorecard's experts analyzed how third-party breaches impact the banking sector.
What's interesting is that although almost all banks reported third-party breaches, only six percent of vendors were compromised, showing the extensive reach these incidents can have. Nearly all of these banks also suffered fourth-party breaches, traced back to just two percent of vendors. All of the top 10 US banks faced a third-party breach, underscoring the level of risk across the industry.
Ryan Sherstobitoff, senior vice president of threat research and intelligence at SecurityScorecard, says, "Nearly all major US banks faced third-party breaches, exposing serious weaknesses across our interconnected digital ecosystem. The recent CrowdStrike incident underscored this fragility, showing how issues with just one vendor -- even without a breach -- can create widespread exposure and risk. For banks, these third-party vulnerabilities mean one compromised vendor could destabilize the entire financial system."
The SecurityScorecard STRIKE team offers some tips for enhancing cybersecurity in the banking sector. These include implementing automated scanning to detect IT infrastructure and cybersecurity risks across vendor and partner environments, mapping the critical business processes and technologies to identify any single points of failure, and creating a watch list with these vendors. It also suggests passively monitoring vendors’ IT deployments to identify and resolve hidden supply chain risks.
You can find out more on the SecurityScorecard site.