
Ransomware and extortion campaigns surged to alarming highs in 2025. Approximately 6,800 ransomware and/or extortion incidents were recorded globally, representing a 63% year-over-year increase, according to a report by Intel471.
Rather than targeting large organizations directly, attackers are increasingly setting their sights on third-party partners embedded in complex supply chains, including manufacturers, software providers, consulting firms, industrial vendors and more. But the most important shift today isn’t simply where attackers strike; it’s how they are able to gain access.
Nearly half of initial access attempts in 2025 relied on credential-based techniques, meaning attackers aren’t breaking into systems; they are logging in with valid credentials. Instead of forcing their way through network defenses, cybercriminals are exploiting compromised or manipulated identities to gain legitimate access to corporate systems.
This signals a fundamental change in cyber risk for supply chain organizations. Traditional security strategies focused heavily on protecting infrastructure and strengthening the network perimeter, but those defenses are increasingly ineffective when attackers can simply log in using compromised credentials.
The biggest cyber risk is no longer just perimeter security; it’s compromised or manipulated employee identities. It’s an attacker successfully convincing your systems that they already belong.
How supply chains amplify identity risk
Supply chain ecosystems operate through interconnected systems, shared platforms and extensive third-party access. Vendors, contractors, MSPs and other third-party partners often require legitimate access credentials for enterprise partner platforms such as remote access portals, ERP systems and APIs.
These trusted connections are essential for operational efficiency, but they also create an ideal environment for attackers to exploit compromised identities. When one organization in that network is compromised, attackers often gain access to those trusted connections, resulting in dozens or hundreds of downstream organizations being impacted.
Modern cyberattacks increasingly succeed because the attackers appear to be legitimate employees: they leverage stolen credentials, compromise vendor sessions, and generate convincing phishing emails and natural-sounding voice calls to blend seamlessly into normal operations.
The implications are significant: A compromised identity tied to a vendor session can grant attackers access to remote management tools, shared databases, logistics platforms or financial systems. Once inside, they can move laterally across interconnected networks while appearing to operate as a legitimate user.
What begins as a single compromised credential can quickly have cascading effects across an entire partner ecosystem. For organizations that depend on complex vendor relationships, this makes identity security not just an IT issue, but a supply chain resilience issue.
AI is making deception easier
Artificial intelligence is often framed as the next major driver of cyberattacks, but the reality is more nuanced. AI is unlikely to become the central force behind cybercrime operations in the near term. AI’s most immediate impact is serving as a “force multiplier” for existing tactics, particularly social engineering methods such as phishing.
Attackers using AI systems can quickly generate fluent, multilingual and context-aware communications to scale their impersonation campaigns and make themselves harder to detect.
Cybercriminals are already leveraging AI tools at scale to generate more convincing phishing emails, craft realistic business email compromise (BEC) messages and produce natural-sounding scripts for voice phishing (aka vishing).
These methods are enabling attackers to mimic legitimate employees, executives or vendors with increasing accuracy. A fraudulent request for payment from a “vendor” or a “senior executive” now includes convincing language, accurate context and, in some cases, voice replication.
One misconception is that attackers are leveraging AI to deploy more sophisticated malware. However, AI is not replacing traditional cyberattack methods; it is simply making deception faster, more efficient, more believable and easier to scale.
Once attackers obtain valid credentials, the rest of the intrusion becomes significantly easier. Security systems often treat authenticated users as trusted participants in the network, allowing attackers to move freely without triggering alarms.
Moving from access control to continuous identity verification
The shift toward identity-driven attacks exposes a major limitation in traditional cybersecurity models. Many organizations still rely on static authentication methods that verify a user only at the moment of login.
Once credentials are accepted, the system assumes the user remains trustworthy for the duration of the session. But if attackers are logging in with stolen or manipulated credentials, that assumption becomes dangerous.
Organizations must therefore rethink how trust is established and maintained across their digital ecosystems. Instead of focusing solely on granting access, security strategies must evolve toward continuous identity verification.
Continuous verification means validating the authenticity of users, vendors and system interactions throughout the lifecycle of a session. It involves monitoring behavior, verifying identity signals during sensitive transactions and confirming that the users accessing systems are still legitimate participants.
This approach is vital for third-party access, where vendors and service providers often operate inside partner enterprise environments for extended periods.
By continuously validating identity rather than relying on one-time authentication, organizations can detect anomalies that signal compromised credentials, impersonation attempts or unauthorized activity.
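A minimal sketch of the per-request re-verification described above, added here as an illustration and not taken from the article or from any product. The signal fields, action names and thresholds are assumptions, and the session data is constructed.

```python
from dataclasses import dataclass

# Assumed policy values and action names, chosen for illustration only.
SENSITIVE = {"payment.approve", "user.grant_role", "erp.export"}
REVERIFY_AFTER = 15 * 60   # sensitive actions need verification newer than 15 min
VENDOR_MAX_AGE = 8 * 3600  # third-party sessions are capped at 8 hours

@dataclass
class Session:             # signals captured at login form the baseline
    user: str
    is_vendor: bool
    device_id: str
    country: str
    started: int           # epoch seconds
    last_verified: int     # last successful MFA or step-up check

@dataclass
class Request:
    ts: int
    action: str
    device_id: str
    country: str

def evaluate(s: Session, r: Request) -> str:
    """Re-check identity signals on every request, not only at login."""
    if r.device_id != s.device_id:
        return "terminate"   # token presented from a different device
    if s.is_vendor and r.ts - s.started > VENDOR_MAX_AGE:
        return "terminate"   # long-lived vendor session must log in again
    if r.country != s.country:
        return "step_up"     # location drifted from the login baseline
    if r.action in SENSITIVE and r.ts - s.last_verified > REVERIFY_AFTER:
        return "step_up"     # stale verification for a sensitive action
    return "allow"

def replay(s: Session, requests: list) -> list:
    # Evaluate a request stream, stopping once the session is terminated.
    decisions = []
    for r in requests:
        decisions.append(evaluate(s, r))
        if decisions[-1] == "terminate":
            break
    return decisions

# Constructed sample: one vendor session and four requests (not real data).
VENDOR = Session("acme-msp", True, "dev-A", "DE", started=0, last_verified=0)
SAMPLE = [Request(60, "inventory.read", "dev-A", "DE"),
          Request(1200, "payment.approve", "dev-A", "DE"),
          Request(1300, "inventory.read", "dev-A", "BR"),
          Request(1400, "inventory.read", "dev-B", "DE")]
```

Running `replay(VENDOR, SAMPLE)` shows a session that passed login being challenged twice and then ended, which a login-only check would never do.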
For supply chain leaders, this is an important shift in mindset and overall security strategy. Security is no longer just about protecting infrastructure or preventing unauthorized entry. It is about ensuring that every person interacting with the system is authentically who they claim to be.
Rebuilding trust across digital supply chains
As supply chains become more digitally connected, the number of interactions between organizations, vendors and systems will continue to grow. Automation, cloud platforms and shared data environments are essential for modern logistics and business operations, but they also expand the number of identities operating within these ecosystems.
Maintaining trust in this environment requires a stronger focus on identity verification and credential hygiene across the organization and supply chain partner ecosystem.
Organizations must ensure that employees, contractors and vendors are continuously verified, that credentials cannot be easily abused, and that access privileges align with the actual identity behind each interaction.
Security strategies that prioritize identity rather than focusing solely on perimeter defense will be best positioned to detect and stop modern attacks.
















