The supply chain has become the easiest and least noticeable entry point for cybercriminals. According to the latest analyses by the research team at Palo Alto Networks, 28% of security incidents in Europe involved external business partners. This means such attacks are now about as likely as the other methods that previously dominated security reports.
At the same time, experts stress that most of these incidents go undetected or are misattributed to the direct target of the attack. The real scale of the threat is therefore even greater than the statistics suggest.
“Cybercriminals increasingly target not the main organization, but its digital backbone—external suppliers, technology service providers, or operational partners. That’s where they find weak links: less protected, yet with full access. This is why companies must stop viewing security solely through the lens of their own infrastructure. The real threat often lies outside their direct control, but still within their digital relationships,” says Wojciech Gołębiowski, Vice President and Managing Director of Palo Alto Networks in Central and Eastern Europe.
Global supply-chain attacks up 100%
Palo Alto Networks’ research unit, Unit 42, reports that in 2024, 28% of incidents in Europe were linked to third-party breaches—partners, suppliers, and subcontractors. Verizon’s 2025 Data Breach Investigations Report points to a similar global share of 30%, which represents a year-on-year doubling of supply-chain-related incidents.
Unit 42’s analyses show that technology and financial firms are the most exposed to this type of attack.
“In these incidents, cybercriminals focus on suppliers with rich data resources and extensive networks of connections. Palo Alto Networks data indicate that the main targets include fintech companies, law firms, and luxury brands. Through such organizations, attackers can gain access to a broad base of users and clients, including high-net-worth individuals,” explains Gołębiowski.
In Poland, the scale of cyberattacks is rising sharply year by year. Data from CERT Polska show that in September 2025 the number of reported incidents was 278% higher than a year earlier. Not all of these are supply-chain-related, but experts emphasize that it is precisely in the area of external dependencies that risks are becoming increasingly difficult to control.
“In Poland, companies often build their security strategies in isolation, without considering how much depends on their partners. Meanwhile, even a small outsourcing firm with administrative access to a client’s systems can become an ideal target. It happens that subcontractors have more privileges than a company’s own employees, while having far fewer defensive capabilities,” comments Grzegorz Latosiński, Sales Director at Palo Alto Networks in Central and Eastern Europe.
Why break through the door when the window is open?
From a cybercriminal’s perspective, a supply-chain attack is ideal—cheaper, faster, and harder to detect. It’s enough to find a single partner that fails to meet basic cybersecurity standards but is connected to the main company’s network.
What does such an attack look like in practice? In recent months, Unit 42 published an analysis of the Muddled Libra group, which attacked, among others, an outsourcing firm providing services to the financial and pharmaceutical sectors. The attackers impersonated helpdesk staff, captured login credentials, and then gained access to administrator-privileged accounts—all in less than 40 minutes. Within two days, they exfiltrated over 100 GB of data without triggering any alarms.
“This example shows how fast and effective supply-chain attacks can be, leveraging system trust in known entities. Partners connect via APIs or VPNs and sometimes even hold access keys—and no one questions it. Once one of these accounts is compromised, the attacker operates like an insider. Yet many companies still lack awareness of the scale of their digital dependencies. Organizations should ask themselves: how many partners have access to my systems? How many have used the same credentials for years? How many hold administrator rights?” emphasizes Tomasz Pietrzyk, Senior Manager for Technology Solutions at Palo Alto Networks in Central and Eastern Europe.
Real resilience requires a mindset shift
Companies should no longer ask whether an attack will happen, but where it will start and who will be affected. Those most at risk are often the ones no one audits for security procedures—smaller partners, technical vendors, and service companies.
“Cyber altruism is not about goodwill; it’s a business strategy. If your supplier is breached, their problems quickly become yours. By helping them secure themselves, companies invest in their own digital stability. Smaller firms don’t always have the resources or expertise, but they can benefit from tools, training, and best practices offered by larger partners,” adds Latosiński.
Source: ceo.com.pl