#ThirdPartyRisk

2025-06-10

Retail breaches are back — and they’ve evolved.

It’s not just about stolen credit cards anymore. In this new episode of Cyberside Chats, @sherridavidoff and @MDurrin dig into the latest wave of retail cyberattacks — from ransomware shutting down pharmacies to credential stuffing hitting brand loyalty programs.

We'll cover:
• Why names, emails, and access tokens are now prime targets
• How third-party SaaS tools are exposing retailers
• The #1 priority for securing customer-facing systems
• What every organization can learn from the 2013 “Retailgeddon”
• Why testing your incident response plan for downtime is a must

🎥 Watch the video: ow.ly/C2iQ50W6ueV
🎧 Listen to the podcast: ow.ly/FSnI50W6ueW

#Cybersecurity #RetailBreach #CybersideChats #Ransomware #CredentialStuffing #ThirdPartyRisk #IncidentResponse #InfoSec #RetailSecurity #Cyberattacks #Retail

2025-05-28

👟 Adidas warns of a data breach after attackers hit a third-party customer service provider. Another reminder: your partners’ security is your responsibility too 🔓🤝 #DataLeak #ThirdPartyRisk

bleepingcomputer.com/news/secu

2025-05-27

Adidas just faced a data breach through a third-party vendor, exposing customer contact info and sparking fresh concerns about digital safety. How secure is your data when others have access?

thedefendopsdiaries.com/adidas

#adidasdatabreach
#thirdpartyrisk
#cybersecurity
#dataprotection
#infosec

Brian Greenberg (@brian_greenberg@infosec.exchange)
2025-05-14

⚠️ Another healthcare giant breached: Ascension confirms data theft affecting 437,000+ patients 🏥🔓

📅 The breach was first disclosed in May, but only now is the full scope coming into focus
📂 Exposed data includes names, Social Security numbers, contact info, and treatment histories
🔍 The attack targeted a third-party vendor used for handling sensitive records
📉 Impact could expand as more systems are reviewed

This is yet another example of how vulnerable healthcare supply chains remain—and why third-party security can’t be treated as an afterthought.

If your vendors touch PHI, PII, or internal systems, your risk posture has to extend beyond the perimeter.

#CyberSecurity #Healthcare #DataBreach #ThirdPartyRisk #InfoSec
securityweek.com/437000-impact

The Governors (@thegovernors)
2025-04-29

JP Morgan's CISO highlights critical risks in SaaS, urging providers to prioritize security over rapid features.

"Secure and resilient by design" is key.

Read the full letter here: jpmorgan.com/technology/techno

2025-04-23

📈 Ransomware and vulnerability exploitation are surging — and attackers are moving faster, hitting harder, and targeting smaller victims more aggressively than ever.

Verizon’s 2025 Data Breach Investigations Report reveals sharp increases across multiple threat vectors:
- Ransomware was present in 44% of breaches (up 37% YoY)
- Exploited vulnerabilities surged 34%, nearly matching credential abuse
- Third-party involvement in breaches doubled, from 15% to 30%

Ransomware now disproportionately impacts small and mid-sized businesses:
- 88% of SMB breaches involved ransomware
- Compared to just 39% in larger organizations
- While ransom payments declined, attack frequency and speed continue to rise
- Median ransom payment dropped from $150K → $115K

Vulnerability exploitation is tightly linked:
- 20% of initial breach vectors came from unpatched vulnerabilities
- Edge devices and VPNs were hit hardest (Ivanti, Cisco, Fortinet, Palo Alto)
- Edge device exploitation grew 8x YoY
- Only 54% of known edge vulnerabilities were fully remediated — median patch time: 32 days

Espionage-motivated breaches also leaned heavily on vulnerabilities:
- In 70% of these cases, initial access came from unpatched flaws
- Ransomware operators and state-backed actors continue to exploit the same gaps

The bottom line: attackers aren’t changing tactics — they’re maximizing opportunity.

At @Efani, we believe these numbers paint a clear picture. SMBs, edge networks, and third-party dependencies are now prime targets. Ransomware may not always demand a payment, but it always demands attention.

#CyberSecurity #Ransomware #VulnerabilityManagement #DataBreach #SMBSecurity #DBIR2025 #ThirdPartyRisk #EfaniSecure

Cyber Tips Guide (@cybertipsguide)
2025-04-02

New report: 35.5% of breaches now come through 3rd parties!

Retail has a 52.4% third-party breach rate
Singapore tops list, 71.4%
46.75% involve tech products/services
41.4% of ransomware attacks start via 3rd parties

zurl.co/QY4l2

Nearshore Cyber (@nearshorecyber)
2025-01-30

Who owns IR when you rely on strategic IT outsourcing agreements?

therecord.media/rhode-island-d

2025-01-06

Who owns IR when you rely on strategic IT outsourcing agreements?
#dfir #tabletops #ttx #thirdpartyrisk

therecord.media/rhode-island-d

2024-12-17

We're thrilled to introduce our new CyberSide Chats podcast featuring Sherri Davidoff and Matt Durrin! In the first episode, Sherri and Matt explore the top cybersecurity priorities for 2025. This insightful discussion covers:
🔹 The pervasive influence of AI
🔹 Emerging threats like deepfakes
🔹 Managing third-party risks in an increasingly digital world
Equip yourself with actionable insights to strengthen your cybersecurity posture for the year ahead!
🎧 Tune in now: chatcyberside.com/
or watch it on video at
youtu.be/obfXj8HTodw

#cybersecurity #CISO #infosec #IT #riskmanagement #cyberaware #cyber #technology #CyberSideChats #Cybersecurity2025 #AIThreats #Deepfakes #ThirdPartyRisk #FutureOfCybersecurity

2024-10-30

Combat the rise in stolen source code incidents that is increasing your organization's #ThirdPartyRisk! Watch our 3-minute video to learn about real cases of source code theft, #darkweb listings, and how vendors can be weak links in your organization's #cybersecurity. youtu.be/Xg-UkNbP31c

#RiskManagement #VendorSecurity #DataBreach #TPRM #infosec #cyberaware #SMB #DFIR #security #CISO

Defensorum (@defensorum)
2024-09-20

⚠️ Cyberattackers are exploiting security gaps in third-party vendors to infiltrate larger organizations. 🔐 Time to rethink vendor security! defensorum.com/why-cyberattack

2024-07-03

The number of #IoT devices is predicted to soar to 207 billion, outnumbering the human population nearly tenfold, over the coming decade.😮 These devices can make our lives more seamless, but they're also an area of great vulnerability.😓

In this article, #Graylog's Ross Brewer discusses the enactment of the Product Security and Telecommunications Infrastructure Act (#PSTIA) by the UK Government and its impact on this situation. He also takes a dive into the issue of manufacturing standards + supply chain attacks along with learnings from the #GDPR. Read on for some insightful analysis on the current and future #security landscape.

professionalsecurity.co.uk/pro via Professional Security Magazine #cybersecurity #thirdpartyrisk

2024-05-07

🚨 Supply Chain Breaches Surge 68% 🚨
Verizon's DBIR reports a significant rise in third-party breaches driven by software vulnerabilities, ransomware, and extortion attacks. The definition of "supply chain breach" has expanded to include compromised third-party software. Are your vendors prepared to tackle this growing risk?

Learn more: zurl.co/GZdv

Chad Freese (@cyb3rn1nja@infosec.exchange)
2024-03-15

I'm thrilled to announce my participation in this year's Shared Assessments Summit, where I'll have the honor of discussing the intricacies of 4th/nth Party Risk. I look forward to sharing insights and engaging with fellow professionals in the field!

#thirdpartyriskmanagement #thirdpartyrisk #fourthpartyrisk #informationsecurity #informationtechnology #cybersupplychain

2024-01-29

Do you know what is trending now in vendor management? Dive into Vendor Centric's latest blog to discover how organizations are unlocking the power of vendor management. We have highlighted the ten trends shaping a dynamic year for vendor management in 2024.

Read Blog: zurl.co/MO8j

2024-01-23

🌐 The landscape of vendor management is evolving rapidly! Vendor Centric's latest blog post details 2024 trends that include the integration of ESG, diversity considerations, and upskilling, which continue to underscore the comprehensive nature of today's vendor management. Follow us for more insights that will help you adapt and thrive together!

Read More: zurl.co/F3hL

2024-01-13

Framework Computer has disclosed they had a data breach involving their accountant. An accountant had fallen victim to a phishing attack, and shared customer personally identifiable information (PII) to the attacker. Framework is mandating social engineering training at the accounting firm, and will be auditing their processes. Affected customers are advised to be vigilant of phishing attempts.

#cybersecurity #breach #thirdpartyrisk #USA

bleepingcomputer.com/news/secu