
Your Vendor Is Your Weakest Link: The 2025 Supply-Chain Breach Pattern

Knowspams Research Team, 25 August 2025, 5 min read
The breach that started somewhere else

A striking pattern ran through 2025’s biggest incidents: the attackers often didn’t breach the headline victim directly. They compromised a vendor, a shared platform, or a third-party service — and walked in through a trusted door.

Major disruptions across food supply, government systems, telecom and SaaS platforms traced back to compromised suppliers rather than a direct hack of the affected organisation.

Why supply chains are the soft target

  1. Trust is transitive — and exploited. You vet your own security, but every vendor with access extends your attack surface.
  2. Shared platforms multiply impact. One compromised SaaS or CRM provider can expose dozens of downstream customers at once.
  3. Inherited access lingers. Vendor accounts and integrations often keep broad, long-lived permissions nobody reviews.

You can harden your own walls perfectly and still be breached through a supplier you onboarded two years ago.

Where employees fit in

Third-party risk isn’t only a procurement problem — it lands in your team’s inbox:

  • Attackers impersonate known vendors in emails and invoices (a favourite for payment fraud).
  • A "supplier" requesting a login, a document, or a bank-detail change deserves out-of-band verification.
  • Staff should treat vendor communications with the same scepticism as any external message.

Practical steps

  1. Inventory third-party access — know who can reach what, and revoke stale permissions.
  2. Enforce least privilege for every vendor integration.
  3. Train staff on vendor-impersonation scams, especially in finance and operations.
  4. Verify bank-detail and invoice changes through a known contact, never the message itself.
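
One way to put steps 1 and 2 into practice is a periodic review script over an export of vendor integrations. The following is an added example, not Knowspams code: the CSV columns, the sample rows, the thresholds and the list of "broad" scope markers are all assumptions to adapt to your own inventory.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; vendors, scopes and dates are made up.
SAMPLE_INVENTORY = """vendor,integration,scopes,granted,last_used,owner
AcmeCRM,crm-sync,contacts:read;contacts:write,2023-06-01,2025-08-20,sales-ops
PayrollCo,sftp-export,hr:*,2022-11-15,2024-12-02,
HelpdeskX,sso-app,tickets:read,2025-03-10,2025-08-24,it
OldAnalytics,api-key,admin,2021-02-01,,marketing
"""

# Assumed policy thresholds; tune to your own review cycle.
STALE_AFTER_DAYS = 90
REVIEW_AFTER_DAYS = 365
BROAD_MARKERS = ("*", "admin", "full_access")


def _parse_date(value):  # empty field -> None (never used / unknown)
    return date.fromisoformat(value) if value.strip() else None


def review_inventory(csv_text, today):
    """Return {vendor/integration: [findings]} for grants that need attention."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        scopes = [s.strip().lower() for s in row["scopes"].split(";") if s.strip()]
        last_used = _parse_date(row["last_used"])
        granted = _parse_date(row["granted"])
        if last_used is None:
            findings.append("never used or no usage data: revoke or confirm")
        elif (today - last_used).days > STALE_AFTER_DAYS:
            findings.append(f"stale: unused for {(today - last_used).days} days")
        if granted and (today - granted).days > REVIEW_AFTER_DAYS:
            findings.append("long-lived grant: due for access review")
        broad = [s for s in scopes if any(m in s for m in BROAD_MARKERS)]
        if broad:
            findings.append("broad scope: " + ", ".join(broad))
        if not row["owner"].strip():
            findings.append("no internal owner")
        if findings:
            report[f'{row["vendor"]}/{row["integration"]}'] = findings
    return report


if __name__ == "__main__":
    for name, found in review_inventory(SAMPLE_INVENTORY, date(2025, 8, 25)).items():
        print(name, "->", "; ".join(found))
```

Integrations that come back with no findings are omitted from the report, so the output is the review queue rather than the full inventory.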

The bottom line

In 2025, the perimeter expanded to include everyone you do business with. Tightening vendor access and training your people to question vendor requests are now core parts of breach prevention — not procurement footnotes.
