Around 140 organizations reported to have had their operations impacted or disrupted by a supply chain attack in the first quarter of 2021. According to the Identity Theft Resource Center (ITRC), which is a nonprofit organization, this represents a 42% increase when compared to the previous quarter (4th quarter of 2020). In total, US data breaches that were publicly reported saw an increase of 12% during the first quarter of 2021 when compared with the previous one.
This does not tell the whole as more than 51 million individuals fell victim to a cyberattack conducted in the first quarter of 2021 according to the ITRC. This represented an increase of 564%.
The reason for the vast difference in the number of compromises and the amount of people affected was due to the surge in supply chain attacks in addition to the incidents which began in late 2020 and continued to develop well into the new year.
The President of the ITRC, Eva Velasquez, highlighted in a press release as to how troubling it was that despite only a slight increase in the number of data compromises, there was a massive rise in supply chain attacks. She went on to say that supply chain attacks alongside phishing and ransomware attacks reflect a wide ranging trend about how cybercriminals are trying to hack into and exploit multiple organizations via the use of a single point-of-attack. Ms. Velasquez believes that the best action which individuals can undertake to keep themselves safe from cyberattacks is to ensure that they adopt good cyber-hygiene habits.
Third-Party Access
Vendors remain the most prominent target for supply chain attacks, as reported by the ITRC, with 27 reported incidents having impacted nearly 140 different entities and north of 7.4 million people in the first quarter of 2021 alone.
Despite having seen less than 30 such attacks occur during the quarter, supply chain attacks can cause enormous damages to organizations and bring their operations to a standstill.
As an example, IT provider Blackbaud saw a data breach which impacted more than 12.8 million people and approximately 555 organizations since it was detected back in May 2020.
ITRC also discovered that despite the large rise in supply chain attacks occurring, the veteran hacking tools of phishing and ransomware continue to be the primary cause of data compromising events.
The health care sector remained the most dominantly targeted sector during the first quarter with around 77 breaches. Following health care, financial and professional services, education, manufacturing and technology were the most targeted industries. The Hospitality sector saw the least amount of exposures with just six occurring in the quarter.