A fresh wave of high-profile cyberattacks is reinforcing one of cybersecurity’s most urgent lessons: today’s risk landscape extends far beyond the walls of an enterprise. As recent breaches impacting Air France, KLM, and Marks & Spencer show, the real danger often lies embedded within the supply chain. From third-party software to outsourced customer services, attackers are increasingly exploiting cracks in the vendor ecosystem.
The growing sophistication of such supply chain attacks, combined with low organizational visibility and slow adoption of best practices, is creating fertile ground for malicious actors—often with nation-state backing—to strike indirectly but with devastating effect.
Recent Attacks Expose Critical Gaps in Vendor and Software Supply Chain Security
Incidents across sectors paint a clear picture: The weakest link in an organization’s security strategy is often its supplier.
Air France-KLM Breach Originated from a Contact Center Vendor
In late July 2025, both Air France and KLM disclosed a data breach resulting from an attack on a third-party platform used by their contact centers. The exposed data included customers’ names, contact details, and Flying Blue frequent flyer membership info.
While the airlines clarified that sensitive information such as passwords, ID documents, and credit card data were unaffected, the breach reinforces concerns over third-party access to personal data. Regulatory bodies in France and the Netherlands were alerted, and both airlines began notifying customers with guidance on phishing avoidance.
This incident echoes broader findings that supply chain cybersecurity remains an Achilles’ heel for many sectors. Research from 2024 showed that most organizations had suffered some form of third-party breach, with nations like the Netherlands ranking among the most frequently affected.
Marks & Spencer Ransomware Attack Reveals Cascading Impacts
The luxury retailer Marks & Spencer (M&S) was hit hard in July 2025—not by a direct attack, but through a ransomware compromise at a key supplier. The cybercriminal group Scattered Spider used phishing and social engineering to access the supplier’s systems, eventually disrupting M&S’s logistics and shutting down critical operations.
The incident cost M&S an estimated £300 million in profits and shaved £750 million off its market value, proving how supplier-side vulnerabilities can escalate into full-blown corporate crises.
Russian State-Aligned Actors Targeting Western Logistics Operations
Nation-state threats are also adopting supply chain vectors. According to the U.S. National Security Agency (NSA), Russian intelligence-affiliated hackers have been targeting Western logistics and transportation firms through third-party vulnerabilities since 2022. The campaign leveraged spear phishing and network exploits—sometimes via shared internet-connected cameras—to track aid shipments to Ukraine. This attack surface extended beyond primary contractors to include localized infrastructure and service providers, once again illustrating the broad reach of supply chain security gaps.
Reported Readiness Levels Reveal a Dangerous Visibility Gap
Despite growing awareness, most enterprises remain under-prepared to tackle software and vendor supply chain risks.
In its July 2025 report, cybersecurity company LevelBlue presented striking statistics:
- Only 23% of enterprises have high visibility into their software supply chains.
- 49% lack the insight needed to assess or manage supply chain risks.
- Of the organizations with low visibility, 80% suffered a breach in the past year.
These findings correlate strongly with recent incidents and spotlight the importance of transparency in the supply chain. While 40% of surveyed CEOs identified software supply chain attacks as their top threat, only 25% plan to assess the security credentials of their software vendors in the coming year.
Regulatory frameworks like the EU’s Cyber Resilience Act, the Digital Operational Resilience Act (DORA), and revised U.S. federal mandates are expected to push enterprises toward better due diligence. Initiatives such as Software Bills of Materials (SBOMs) are gaining traction as a foundational measure for software supply chain security. According to experts, SBOMs should become non-negotiable—not just for compliance, but for long-term resilience and competitive positioning.
Strategic Recommendations for Organizations Seeking Supply Chain Resilience
Organizations must transition from reactive defense to proactive, layered supply chain security strategies.
A recent TechRadar Pro article recommends three pillars for effective third-party risk management:
Identify and mitigate vulnerabilities across your supplier chain
- Assign ownership for third-party risk governance.
- Categorize vendors by criticality and assess their cyber capabilities.
- Replace manual audits with continuous, automated threat monitoring using OSINT (open-source intelligence).
Plan for the compromise of key suppliers
- Include third-party providers in business continuity and incident response planning.
- Conduct joint cyber drills to rehearse coordinated responses to supplier-originated threats.
- Diversify operations to avoid single points of failure.
Fortify your internal environment to limit blast radius
- Monitor third-party access to corporate environments and enforce least-privilege principles.
- Use network segmentation, strong identity controls, and multifactor authentication (MFA).
- Prioritize employee awareness and phishing resistance training—especially at cross-organizational touchpoints.
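The third pillar above ("monitor third-party access to corporate environments and enforce least-privilege principles") is the one that can be turned directly into detection logic. The following Python script is an added illustration, not code from the article or from TechRadar Pro: it defines a hypothetical least-privilege policy for vendor service accounts (which network segments each account may reach, the hours during which access is expected, and whether MFA is required), parses a few constructed access-log lines, and reports every event that falls outside the policy. The account names, segment names, IP addresses and log format are all invented for the example.

```python
"""Flag vendor (third-party) account activity that violates a least-privilege
access policy. Added example: the policy, accounts, segments and log lines
below are constructed and hypothetical, not taken from the article."""
from dataclasses import dataclass
from datetime import datetime

# Hypothetical policy: per vendor account, the internal segments it may reach,
# the UTC hour window [start, end) in which access is expected, and whether
# MFA is mandatory. Any account that starts with "svc-" is treated as a vendor.
VENDOR_POLICY = {
    "svc-contactcenter": {"segments": {"crm"}, "hours": (6, 22), "mfa_required": True},
    "svc-logistics": {"segments": {"wms", "edi"}, "hours": (0, 24), "mfa_required": True},
}

# Constructed access-log lines: timestamp, account, segment reached, MFA flag, source IP.
SAMPLE_LOG = """\
2025-07-28T09:15:02Z svc-contactcenter crm mfa=yes src=203.0.113.10
2025-07-28T09:16:45Z svc-contactcenter hr-payroll mfa=yes src=203.0.113.10
2025-07-28T02:40:11Z svc-contactcenter crm mfa=no src=198.51.100.7
2025-07-28T03:05:00Z svc-logistics wms mfa=yes src=192.0.2.22
2025-07-28T10:00:00Z svc-unknownvendor edi mfa=yes src=192.0.2.99
2025-07-28T11:30:00Z alice@corp crm mfa=yes src=10.0.0.5
"""


@dataclass
class Event:
    ts: datetime
    account: str
    segment: str
    mfa: bool
    src: str


def parse_line(line: str) -> Event:
    """Parse one log line in the constructed format into an Event."""
    ts, account, segment, mfa_field, src_field = line.split()
    return Event(
        ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        account=account,
        segment=segment,
        mfa=mfa_field.split("=", 1)[1] == "yes",
        src=src_field.split("=", 1)[1],
    )


def check_event(ev: Event, policy=VENDOR_POLICY):
    """Return a list of (rule, detail) findings for a single event.

    Employee accounts are ignored here; this check is only about vendor accounts.
    A vendor account with no policy entry is itself a finding, because an
    unknown third-party identity with access is exactly the visibility gap
    the article describes.
    """
    if not ev.account.startswith("svc-"):
        return []
    rules = policy.get(ev.account)
    if rules is None:
        return [("unknown-vendor-account", f"{ev.account} has no policy entry")]
    findings = []
    if ev.segment not in rules["segments"]:
        findings.append(("out-of-scope-segment", f"{ev.account} reached {ev.segment}"))
    if rules["mfa_required"] and not ev.mfa:
        findings.append(("mfa-missing", f"{ev.account} authenticated without MFA from {ev.src}"))
    start, end = rules["hours"]
    if not (start <= ev.ts.hour < end):
        findings.append(("off-hours", f"{ev.account} active at {ev.ts.isoformat()}Z"))
    return findings


def scan_log(text: str, policy=VENDOR_POLICY):
    """Run check_event over every non-empty log line and collect findings."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        for rule, detail in check_event(ev, policy):
            findings.append((ev.ts.isoformat(), ev.account, rule, detail))
    return findings


if __name__ == "__main__":
    for ts, account, rule, detail in scan_log(SAMPLE_LOG):
        print(f"{ts} {account:20} {rule:22} {detail}")
```

Run against the constructed log, the script reports four findings: the contact-center account reaching a payroll segment it was never granted, the same account logging in without MFA and outside its expected hours, and an activity from a vendor account that has no policy entry at all. In a real environment the policy would be generated from the vendor inventory produced in the first pillar (categorize vendors and their access), and the findings would feed the SIEM or the joint incident playbook described in the second.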
These best practices are aligned with regulatory imperatives and offer a defensible path forward in a threat ecosystem where the lines between internal and external risk are increasingly blurred.
Conclusion
As attacks grow more intricate and opportunistic, organizations are learning the hard way that any vendor—not just those handling sensitive data—can be a beachhead for cyber threats. The ROI for attackers exploiting third-party vulnerabilities remains high, and the penalties for poor visibility are becoming more severe.
Taking a risk-based, transparent, and continuous approach to supply chain security is no longer optional. From enforcing standardized vendor security metrics to mandating SBOMs and embedding suppliers in incident playbooks, CISOs must extend their security perimeter across the full digital ecosystem—before attackers do.