
Beyond Traditional Risk Scores: A New Way to Predict Vendor Cyberattacks
In today’s interconnected world, your organization’s security is only as strong as your weakest vendor. Managing third-party risk has become one of the most complex challenges for security teams. You might have hundreds of vendors, each with a generic risk score, but these numbers often fail to answer the most critical question: Which of my vendors is most likely to be attacked, and by whom?
The traditional approach to third-party risk management (TPRM) is drowning in data but starving for insight. Security teams face a constant barrage of alerts and vulnerabilities, leading to “alert fatigue” and a reactive, checklist-driven security posture. This method often overlooks the crucial context of how cybercriminals actually operate.
A different approach is emerging, one that shifts vendor risk management from reactive guesswork to a proactive, threat-informed strategy. Rather than counting vulnerabilities, this model estimates which vendors are most susceptible to attack by specific, known adversary groups.
The Problem with Outdated Vendor Risk Models
For years, vendor security has been measured using broad strokes. A typical risk score might tell you a vendor has several unpatched systems or open ports. While useful, this information lacks critical context. It doesn’t tell you:
- If these specific vulnerabilities are actively being exploited in the wild.
- Which threat actor groups (such as FIN7, Lazarus Group, or the Magecart groups) are known to use these exact techniques.
- The actual likelihood of an attack, versus the simple possibility.
Without this intelligence, security teams are forced to treat all vulnerabilities as equally urgent, making it nearly impossible to prioritize resources effectively.
A Threat-Informed Approach: Introducing the Susceptibility Index
To solve this problem, a new type of scoring model—a susceptibility index—is changing how organizations view vendor risk. Instead of just listing weaknesses, this model connects a vendor’s security posture directly to the known tactics, techniques, and procedures (TTPs) of real-world threat actors.
Here’s how it works:
Mapping to Real-World Tactics: The system analyzes a vendor's external security footprint and maps each finding to the technique(s) in the MITRE ATT&CK framework that the weakness would let an attacker use. ATT&CK is a globally recognized knowledge base of adversary tactics and techniques based on real-world observations.
Connecting to Threat Actors: It then identifies which specific threat actor groups are known to use the TTPs that match the vendor’s weaknesses. For example, if a vendor has a specific misconfiguration, the model can determine if that is a preferred entry point for a group known to target your industry.
Calculating True Susceptibility: Based on this analysis, the model generates a score that reflects the relative likelihood of an attack by a known adversary. This is far more informative than a generic score: a vendor with a few highly exploitable weaknesses that active threat groups are known to target is a much greater risk than a vendor with dozens of low-impact weaknesses that no one is exploiting. The caveat is that the score is only as good as the underlying actor-to-TTP attribution and activity data, so it should be treated as a prioritization signal rather than a prediction with a known error rate.
This new methodology provides a clear, predictive view of risk, allowing organizations to understand not just if a vendor is vulnerable, but how susceptible they are to a targeted attack.
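To make the three steps above concrete, here is a minimal, self-contained model of the approach, written as an added example for this article. It is not Black Kite's scoring model or code. The actor names, their technique sets, sectors and activity weights, and the mapping from each finding to an ATT&CK technique ID are constructed assumptions for illustration, not real threat intelligence. It compares a plain finding count with a threat-informed score for two constructed vendors: one with two serious weaknesses that a tracked, active actor uses, and one with many low-impact findings that no tracked actor uses.

```python
"""
Threat-informed vendor susceptibility scoring (illustrative, added example).

Not Black Kite's model. Actors, their TTP sets and the finding -> technique
mapping below are constructed placeholders, not real attribution data.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    description: str
    technique: Optional[str]  # ATT&CK technique ID the weakness enables, or None
    exploitability: float     # 0..1, how readily exploitable (assumed weighting)


@dataclass(frozen=True)
class Actor:
    name: str
    techniques: frozenset[str]  # technique IDs the actor is known to use (constructed)
    sectors: frozenset[str]     # industries the actor targets (constructed)
    activity: float             # 0..1 recent-activity weight (constructed)


# Constructed actor profiles. Names are placeholders, not real groups.
ACTORS = [
    Actor("ACTOR_A", frozenset({"T1190", "T1133", "T1078"}), frozenset({"finance", "retail"}), 0.9),
    Actor("ACTOR_B", frozenset({"T1566", "T1078"}), frozenset({"healthcare"}), 0.6),
    Actor("ACTOR_C", frozenset({"T1190"}), frozenset({"finance"}), 0.2),
]

# Constructed external-footprint findings for two hypothetical vendors.
VENDOR_X = [
    Finding("Internet-exposed VPN portal without MFA", "T1133", 0.8),          # External Remote Services
    Finding("Public web app on a version with a known exploited bug", "T1190", 0.9),  # Exploit Public-Facing App
]
VENDOR_Y = [
    Finding("Server banner discloses software version", "T1592", 0.1),   # Gather Victim Host Info
    Finding("Directory listing enabled on static assets host", "T1592", 0.2),
    Finding("Hosts respond to ICMP and reveal service versions", "T1595", 0.1),  # Active Scanning
    Finding("TLS 1.1 still enabled", None, 0.1),
    Finding("Missing HSTS header", None, 0.05),
    Finding("Missing X-Content-Type-Options header", None, 0.05),
    Finding("Session cookie lacks Secure flag", None, 0.1),
    Finding("Expired certificate on a marketing subdomain", None, 0.05),
]


def generic_score(findings: list[Finding]) -> int:
    """Traditional style: one point per finding, no context at all."""
    return len(findings)


def susceptibility(findings: list[Finding], actors: list[Actor], my_sector: str):
    """Threat-informed score: exposed techniques weighted by the activity of
    actors that (a) use those techniques and (b) target my_sector.

    Returns (score, matches) where matches maps actor name -> overlapping
    technique IDs, so the result can be explained to the vendor."""
    # Step 1: collapse findings to the set of techniques they expose,
    # keeping the highest exploitability when several findings map to one technique.
    exposed: dict[str, float] = {}
    for f in findings:
        if f.technique:
            exposed[f.technique] = max(exposed.get(f.technique, 0.0), f.exploitability)

    # Step 2/3: overlap each relevant actor's TTPs with the exposed techniques
    # and weight the overlap by how active the actor is.
    score = 0.0
    matches: dict[str, list[str]] = {}
    for actor in actors:
        if my_sector not in actor.sectors:
            continue
        overlap = actor.techniques & exposed.keys()
        if not overlap:
            continue
        score += actor.activity * sum(exposed[t] for t in overlap)
        matches[actor.name] = sorted(overlap)
    return round(score, 3), matches


def rank_vendors(vendors: dict[str, list[Finding]], actors: list[Actor], my_sector: str):
    """Order vendors by threat-informed score, highest first."""
    scored = [(name, susceptibility(f, actors, my_sector)[0]) for name, f in vendors.items()]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    vendors = {"VendorX": VENDOR_X, "VendorY": VENDOR_Y}
    for name, findings in vendors.items():
        s, m = susceptibility(findings, ACTORS, "finance")
        print(f"{name}: findings={generic_score(findings)} susceptibility={s} matched={m}")
    print("priority order:", rank_vendors(vendors, ACTORS, "finance"))
```

With a plain count, VendorY looks four times worse than VendorX (8 findings versus 2). With the threat-informed score, VendorX comes out on top because both of its weaknesses are techniques that an active actor targeting the finance sector is known to use, while none of VendorY's findings overlap with any tracked actor. The `matches` dictionary is what turns the number into the kind of conversation the article describes: it names which actor and which technique IDs drove the score, which is exactly what a vendor needs to see to act on it.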
Why This Is a Game-Changer for Supply Chain Security
Adopting a threat-informed model for vendor risk offers several concrete benefits for any organization serious about cybersecurity.
- Prioritize with Precision: Security teams can finally move beyond endless lists of alerts. By knowing which vendors are most likely to be targeted by active adversaries, you can focus your remediation efforts and resources where they will have the greatest impact.
- Move from Reactive to Proactive: Instead of waiting for a breach to happen, you can proactively engage with high-risk vendors whose security gaps align with known adversary playbooks. This allows you to address threats before they are exploited.
- Make Data-Driven Decisions: This approach provides the context needed to have meaningful security conversations with your partners. You can go to a vendor and say, “Your specific configuration makes you a prime target for Group X, which is highly active in our sector. Let’s work together to fix this.”
Ultimately, this shift is about moving beyond compliance and focusing on building a truly resilient security program. It’s about understanding the “so what?” behind every vulnerability.
Actionable Security Tips for Your Organization
Integrating this approach into your TPRM program is a practical step toward defending against modern supply chain attacks. Here are some actionable steps you can take:
- Demand Deeper Insights from Your Tools: When evaluating vendor risk solutions, ask if they provide context on threat actors. A simple score is no longer enough. Insist on intelligence that links vulnerabilities to specific adversary TTPs.
- Adopt a Threat-Informed Mindset: Encourage your security team to think like an attacker. When assessing a vendor, ask: “If I were a cybercriminal, how would I breach this company?” Use frameworks like MITRE ATT&CK to guide this analysis.
- Map Your Most Critical Vendors: Not all vendors are created equal. Identify the partners with the most access to your sensitive data or critical systems and apply this deeper level of scrutiny to them first.
- Foster Collaborative Security: Use this detailed intelligence to work collaboratively with your vendors. Sharing specific, actionable threat information is far more effective than sending a generic, automated report.
The future of cybersecurity lies in proactive, intelligent defense. By understanding which of your vendors are truly in the crosshairs of cybercriminals, you can strengthen your supply chain, protect your data, and stay one step ahead of emerging threats.
Source: https://www.helpnetsecurity.com/2025/08/06/black-kite-asi-adversary-susceptibility-index/