Global Data Breach Risk Soars from Indian Suppliers

Summary
– A new report reveals that 53% of key Indian vendors in global supply chains experienced a third-party breach in the past year.
– Outsourced IT and managed service providers were responsible for 63% of these third-party breaches.
– Pharmaceutical firms accounted for 42% of publicly reported breaches and 38% of the ransomware incidents studied.
– The cybersecurity ratings of these vendors were highly mixed, with 27% receiving an “F” grade but 25% achieving an “A” grade.
– Poor network security, mismanaged certificates, and inadequate patching were the most common reasons for the low security ratings.
A new cybersecurity report reveals a startling vulnerability within international supply chains, with data indicating that over half of key Indian suppliers have experienced a third-party breach in the last year. This finding raises significant concerns for the countless global businesses that depend on these vendors across critical sectors like semiconductors, pharmaceuticals, and electronics. The study underscores a pressing need for enhanced security measures to protect interconnected digital ecosystems from cascading failures.
The analysis, conducted by SecurityScorecard, focused on 15 prominent Indian companies recognized as major exporters or service providers. It defined a third-party breach as an incident where a vendor’s security failure led to a compromise at a client organization, or conversely, where a breach at a client exposed the vendor’s own systems. This dual perspective captures the complex web of risk in modern supply chains. Alarmingly, outsourced IT and managed service providers were responsible for nearly two-thirds (63%) of the documented third-party breaches.
Further dissecting the data, the pharmaceutical industry emerged as another area of concern, accounting for 42% of publicly reported breaches and 38% of the ransomware incidents studied. Each company evaluated received a security rating based on a comprehensive set of factors, from patching cadence and DNS health to network and endpoint security. The results painted a picture of extreme contrasts.
While a commendable 25% of the vendors achieved a top-tier “A” rating, demonstrating that robust cybersecurity practices are attainable, a slightly larger group, almost 27%, received a failing “F” grade. This represents the highest proportion of failing scores ever recorded in a SecurityScorecard report. The primary culprits behind these low ratings were consistently network security weaknesses, poorly managed digital certificates, and sluggish patch management processes.
A senior executive from the security firm emphasized India’s pivotal role in the world’s digital infrastructure, noting that the findings reveal both pockets of excellence and critical areas demanding immediate improvement. He stressed that strengthening supply chain security is no longer optional but a fundamental operational necessity for global commerce. In response to these findings, the report issues several key recommendations for organizations worldwide.
(Source: Info Security)