"When we think about the supply chain, we often picture logistics and warehouses, but today the real threat is the expanded ecosystem. The bottom line is that wholesale and retail's greatest risk is their shared supply chain, and as we have seen time and time again, just one vulnerability in a common vendor can create systemic impact affecting both simultaneously."
"Over 70% of major retailers, nearly 60% of wholesalers, and 52% of the supply chain have exposed credentials. This widespread presence of compromised credentials means that initial access has already been granted to a majority of the industry, creating significant vulnerability across the sector."
"42% of critical supply chain vendors are exposed to at least one vulnerability from the CISA Known Exploited Vulnerabilities (KEV) Catalog, listing flaws currently under active attack. Additionally, 17% of retail ransomware victims had revenue over $1B, demonstrating that threat actors prioritize big game hunting in the retail sector."
Black Kite research reveals that wholesalers and retailers face critical vulnerabilities through their interconnected supply chains. Over 70% of major retailers, nearly 60% of wholesalers, and 52% of supply chain entities have exposed credentials, granting threat actors initial access. Retailers with over $1B revenue face targeted ransomware attacks for high-value extortion, while mid-market wholesalers ($20M-$100M) experience volume-based attacks. Forty-two percent of critical supply chain vendors are exposed to actively exploited vulnerabilities. Professional and Technical Services and Information sectors dominate the supply chain with 1,498 companies, significantly outnumbering physical categories. Traditional compliance checklists prove insufficient; comprehensive third-party risk management must address vulnerabilities across the entire partner ecosystem.
#supply-chain-security #ransomware-threats #credential-exposure #third-party-risk-management #retail-and-wholesale-vulnerabilities
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]