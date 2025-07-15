SecurityBrief Asia reports that despite substantial reductions in direct ransomware victimization in the finance sector over the past two years, organizations in the industry remain highly vulnerable to threats posed by third-party vendors.
Information disclosure practices were rated at C, D, or F among 92% of vendors, suggesting inadequate data management across the supply chain, according to a Black Kite report. Moreover, 65% had outdated security patches, with 31 of 140 vendors found to have one or more critical vulnerabilities. High risk designations have been given to 90 vendors, more than a third of which had flaws added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. "We uncovered many weaknesses across vendor companies. The reality is that they just do not have the same robust defenses and regulatory obligations as the financial industry, and when these vendors are breached, the impact can be widespread and significant," said Black Kite Chief Research and Intelligence Officer Ferhat Dikbiyik.
Information disclosure practices were rated at C, D, or F among 92% of vendors, suggesting inadequate data management across the supply chain, according to a Black Kite report. Moreover, 65% had outdated security patches, with 31 of 140 vendors found to have one or more critical vulnerabilities. High risk designations have been given to 90 vendors, more than a third of which had flaws added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. "We uncovered many weaknesses across vendor companies. The reality is that they just do not have the same robust defenses and regulatory obligations as the financial industry, and when these vendors are breached, the impact can be widespread and significant," said Black Kite Chief Research and Intelligence Officer Ferhat Dikbiyik.