Sisense breach and supply chain identity risk: what teams need now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter  

TL;DR: Sisense’s breach underscores how supply chain attacks increasingly ride on third-party access paths and identity trust, with Saviynt linking the incident to broader exposure across partner and customer ecosystems. The real problem is not just compromise, but governance built on assumptions that third-party access remains bounded and reviewable.

NHIMG editorial — based on content published by Saviynt covering the Sisense breach and the rise of supply chain attacks

By the numbers:

  • When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes, and as quickly as 9 minutes in some cases.

Questions worth separating out

Q: What breaks when third-party access is not lifecycle-governed?

A: When third-party access is not lifecycle-governed, credentials outlive the business need that created them.

Q: Why do supplier identities increase breach impact so quickly?

A: Supplier identities often connect to multiple systems, so one compromised account can unlock a much larger trust chain than a normal internal user account.

Q: How do security teams know whether partner access is actually under control?

A: Teams know partner access is under control when every external identity has an owner, a defined purpose, a current business justification, and a tested offboarding path.

Practitioner guidance

  • Inventory every third-party identity path: build a complete register of partner accounts, service tokens, API keys, and delegated integrations that can reach production systems.
  • Bind supplier access to lifecycle events: require every external credential to map to a contract, project, or support case so revocation is automatic when the business relationship changes.
  • Segment partner access by function and environment: separate credentials used for support, data exchange, and administration, and do not reuse the same secret across development, staging, and production.

What's in the full analysis

Saviynt's full article covers the operational detail this post intentionally leaves for the source:

  • The specific Sisense breach context and how Saviynt links it to supply chain attack patterns
  • Additional examples of recent incidents that reinforce why third-party identity trust is expanding attack surface
  • The article's broader news roundup and related security commentary that sits around the Sisense reference
  • Saviynt's own framing of why this incident matters for cloud delivery and identity security programs

👉 Read Saviynt's analysis of the Sisense breach and supply chain identity risk →


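The three practitioner guidance points above (a complete register, lifecycle binding, and environment segmentation) can be turned into a repeatable check. As an added example that is not part of the original post or of Saviynt's article, this Python audit runs over a constructed register of partner identities and flags a missing owner or purpose, a contract/project/case binding that has already ended, an untested offboarding path, and the same secret reused across environments. The record fields, sample entries and token strings are assumptions made up for the example.

```python
from datetime import date
from hashlib import sha256

# Constructed sample register (hypothetical entries, not real credentials).
# "secret" is only ever hashed below; a real register would store the digest.
REGISTER = [
    {"id": "partner-a-support", "owner": "it-ops", "purpose": "L2 support",
     "binding": ("support_case", "CASE-1", "2030-01-31"),
     "offboarding_tested": True, "env": "prod", "secret": "tok-aaa"},
    {"id": "partner-b-etl", "owner": None, "purpose": "nightly data exchange",
     "binding": ("contract", "CTR-7", "2030-06-30"),
     "offboarding_tested": True, "env": "prod", "secret": "tok-bbb"},
    {"id": "partner-c-admin", "owner": "platform", "purpose": "migration",
     "binding": ("project", "PRJ-3", "2024-03-31"),
     "offboarding_tested": False, "env": "prod", "secret": "tok-ccc"},
    {"id": "partner-c-admin-dev", "owner": "platform", "purpose": "migration",
     "binding": ("project", "PRJ-3", "2030-03-31"),
     "offboarding_tested": True, "env": "dev", "secret": "tok-ccc"},
]

def fingerprint(secret):
    """Short digest used to compare secrets without copying them into findings."""
    return sha256(secret.encode()).hexdigest()[:12]

def audit(register, today_iso):
    """Return (identity, issue) pairs; an empty list means every check passed."""
    today = date.fromisoformat(today_iso)
    findings = []
    envs_by_secret = {}
    for ident in register:
        # Every external identity needs a named owner and a stated purpose.
        for field in ("owner", "purpose"):
            if not ident.get(field):
                findings.append((ident["id"], f"no {field}"))
        # Access must be bound to a contract/project/case that is still current.
        binding = ident.get("binding")
        if not binding:
            findings.append((ident["id"], "no lifecycle binding"))
        else:
            kind, ref, ends = binding
            if date.fromisoformat(ends) < today:
                findings.append((ident["id"], f"{kind} {ref} ended {ends}; revoke"))
        if not ident.get("offboarding_tested"):
            findings.append((ident["id"], "offboarding path not tested"))
        envs_by_secret.setdefault(fingerprint(ident["secret"]), set()).add(ident["env"])
    # The same secret must not span development, staging and production.
    for fp, envs in envs_by_secret.items():
        if len(envs) > 1:
            findings.append((f"secret:{fp}", "reused across " + ", ".join(sorted(envs))))
    return findings
```

Running `audit(REGISTER, "2025-01-15")` reports the unowned ETL identity, the expired migration project binding, the untested offboarding path, and the shared `tok-ccc` secret, while the fully governed support identity produces nothing.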
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7990

Supply chain breach response is now an identity governance problem, not a vendor management sidebar. The Sisense case reinforces a pattern NHIMG has tracked repeatedly: attackers target the trust fabric between organisations, not just the product itself. Once external access is in place, the practical question becomes whether identity governance can still see, scope, and revoke that access quickly enough. Practitioners should treat third-party access as part of the core identity model, not as an exception process.

A few things that frame the scale:

  • Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
  • The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured, which shows the governance gap is still widely underestimated.

A question worth separating out:

Q: Who is accountable when a supplier compromise exposes customer systems?

A: Accountability sits with both the supplier and the customer, but the customer still owns the governance of the trust relationship inside its environment. Security, IAM, and vendor-risk teams need a shared model for approving, scoping, reviewing, and revoking external access. If no one owns the lifecycle, no one owns the exposure.

👉 Read our full editorial: Sisense breach highlights the rise of supply chain identity risk
