2021 Third-Party Intelligence Threat Landscape

Posted: 25th March 2022


Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

The annual threat report surveys the threat landscape of 2021, summarizing a year of intelligence produced by Recorded Future’s threat research team, Insikt Group. It draws from data on the Recorded Future® Platform, including open sources like media outlets and publicly available research from other security groups, as well as closed sources on the criminal underground, to analyze global risk trends across industry verticals throughout 2021. This report will be of interest to anyone seeking a broad, holistic view of the third-party risk landscape in 2021.

Executive Summary

Throughout 2021, third-party relationships across all industry verticals were put to the test by major data compromises and supply chain attacks. Using Recorded Future Platform risk data, we determined comprehensive risk profiles for 5 industries: telecommunications, healthcare, managed service providers (MSPs), finance, and energy. The trends in the average number of risk rules triggered by the top 25 most referenced organizations in each respective industry vertical and the average number of instances a risk rule was triggered help us understand the current third-party risk landscape in each respective industry.

The industry that triggered the most risk rules in 2021 was telecommunications, followed by healthcare, MSPs, finance, and energy. We considered several factors when making this list, including data breach activity, IP/domain security, dark web and underground forum chatter, leaked credentials, and general cyber hygiene. Doing so gives us a clear understanding of which industries maintained a strong security posture throughout the year, and which are struggling to safeguard against novel threats heading into 2022.

This report is designed to help organizations understand the current risk trends across industries and make informed choices regarding the security health of an industry prior to entering a third-party relationship or acquisition in 2022.

In an effort to evaluate the state of third-party intelligence in 2021, we used Platform data to identify the most commonly triggered high- and medium-severity risk rules across 5 major industries, including: finance, healthcare, managed service providers (MSPs), telecommunications, and energy. These industries were chosen for this report based on what we have observed as historical, high-trending threat activity over the past 1 to 5 years. From these industries, we analyzed the 25 most referenced organizations in the Recorded Future Platform for each industry and the number of risk rules triggered by each organization. Selecting these organizations based on reference count is an effective way of understanding the risk rules that were associated with the most prominent threats throughout the year; however, there are likely other data sets to consider for deeper analysis in the future, such as each organization’s market share relative to the level of risk associated. 

While risk rules triggered, both by quantity and volume, helps us understand the threats associated with each industry, we have also considered the effects of each industry’s risk levels on other industries. For example, MSPs did not trigger the most risk rules overall; however, MSPs have greater third-party integration than other industries. Therefore, an attack on an MSP would represent a greater risk to third parties than an attack on a healthcare provider, which is more likely to harm customers and patients rather than industry partners.

From this data, we determined that the industry with the highest likelihood of a compromise affecting third-party partners is MSPs, due to the high volume of integrations between MSPs and third parties, as well as the likelihood that a compromise of an MSP could result in exploitation of other downstream partners. Despite major attacks against Shell, Colonial Pipeline, and Saudi Aramco, Recorded Future risk data indicates that the energy industry triggered the fewest risk rules in 2021, with only 20 high- and medium-severity risk rules triggered and an average of 8 triggered instances per risk rule. The energy sector is also the least likely to be affected by major third-party compromises considering how limited energy sector integration is with partner industries. For a full breakdown of the top 5 risk rules triggered by industry, as well as the high-severity risk rules triggered by industry, refer to Appendices A and B.

Editor’s Note: This post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.