Now Playing
Supply Chain Breaches Double & Espionage Up 163% | DBIR 2026
Audio is available on Spreaker — see link below.
The Verizon DBIR 2026 reveals third-party breaches have doubled in a year, while espionage incidents surged 163% — and this week's Foxconn and Cushman & Wakefield cases prove it's not theoretical. Today's briefing breaks down the structural shifts attackers are exploiting and what defenders are still getting wrong.
Audio is available on Spreaker — see link below.
A major annual threat intelligence report dropped this week, and the headline figure is one that security teams shouldn't be able to explain away: third-party involvement in breaches has doubled in a single year. Thirty percent of all incidents now trace back through a supplier, vendor, or partner.
The espionage finding in the DBIR is the number worth pausing on. A hundred and sixty-three percent increase in espionage incidents year over year.
The Cushman and Wakefield breach tells a different part of the same story. ShinyHunters, a group with a well-documented record of high-impact intrusions, got into a major global enterprise through a phone call.
Separately, threat intelligence firm CTM360 disclosed a campaign they're calling GovTrap. Over eleven thousand fake government portals, designed to harvest credentials from citizens and employees by impersonating official services.
The through-line connecting all of this is trusted infrastructure weaponization. VPNs, privileged access management tools, single sign-on systems, supplier portals: these are systems organizations have historically treated as secure by default.
The key metrics to track from here are simple, even if fixing them isn't. How many organizations have real-time visibility into their supplier security posture?
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.