Ninety Percent of Energy Companies Suffer Supplier Data Breach

Almost all (90%) of the world’s 48 biggest energy companies have suffered a supply chain data breach in the past 12 months, according to new data from SecurityScorecard.
The security resilience vendor analyzed the cybersecurity posture of the largest coal, oil, natural gas and electricity companies in the US, UK, France, Germany and Italy, as well as their suppliers – covering 21,000 domains.
Its resulting Energy Sector Third-Party Cyber Risk Report identified 264 breach incidents related to third-party compromises in the past 90 days alone.
Some countries fared better than others. All (100%) of the top 10 US energy companies experienced a third-party breach in the past year.
UK energy firms were given the highest average security rating, with 80% holding a B or above. Overall, a third of global firms had a C rating or below, indicating a higher likelihood of breach.
Interestingly, of the 2000+ third-party vendors analyzed for the report, just 4% experienced breaches themselves. Yet this small percentage had an outsized impact on their clients’ security posture.
Unsurprisingly, MOVEit was the most prevalent third-party vulnerability of the past six months.
The report also highlighted the dangers of so-called “fourth-party” breaches – that is, breaches at suppliers of suppliers. All US and UK companies experienced a fourth-party breach in the past year, and 92% of global energy firms have been exposed to such incidents.
The risk of supplier breaches is increasingly important to understand and manage in light of new SEC breach reporting guidelines. The regulator has stated that supplier risk is a “material” business risk and that listed firms must share their policies and procedures to “oversee, identify and mitigate” third-party cyber-risk.
“Hope and prayer may be useful but are clearly not sustainable strategies,” argued former Fortune 500 CISO and chairman of the SecurityScorecard Cybersecurity Advisory Board, Jim Routh.
“Preventing the surge of supply chain attacks requires systematically applying real time data triggering automated workflow to manage risk in the digital ecosystem.”