TL;DR: Supply chain attacks increasingly use compromised non-human identities and delegated access to move through trusted relationships; major incidents such as the Sisense breach show how third-party exposure widens the blast radius, according to Saviynt. The lesson is that identity governance must extend beyond direct employees to vendors, service accounts, and machine credentials before that trust becomes an attack path.
NHIMG editorial — based on content published by Saviynt covering the Sisense breach and rising supply chain attack risk: Sisense Breach Highlights Rise in Major Supply Chain Attacks
By the numbers:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
- 72% of organisations have experienced, or suspect they have experienced, a breach of non-human identities (46% confirmed, 26% suspected).
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months.
Questions worth separating out
Q: What breaks when third-party access is not tightly governed in supply chain environments?
A: The trust relationship itself becomes the attack path.
Q: Why do supply chain breaches so often become identity problems?
A: Because modern suppliers connect through identities, not just network links.
Q: What do security teams get wrong about vendor access reviews?
A: They often review the existence of a relationship instead of the actual identity footprint.
Practitioner guidance
- Inventory every third-party identity path: catalogue vendor accounts, API keys, tokens, certificates, and service accounts that connect external parties to internal systems.
- Segment supplier access by function and environment: separate development, testing, and production permissions so a single partner identity cannot move laterally across unrelated workloads.
- Enforce lifecycle offboarding for external access: require formal removal of third-party credentials when a contract ends, an integration changes, or a service is retired.
What's in the full analysis
Saviynt's full article covers the operational detail this post intentionally leaves for the source:
- The article's wider news context around Sisense and related supply chain coverage.
- Additional items from Saviynt's news stream that frame how the vendor is positioning identity security.
- The original article page and surrounding updates that situate the breach within current identity-risk coverage.
👉 Read Saviynt's coverage of the Sisense breach and supply chain identity risk →
Sisense breach and supply chain identity risk: what should teams do?
Third-party identity is now part of the attack surface, not a separate trust domain. The Sisense breach sits inside a wider pattern where supplier access, integration credentials, and machine identities are treated as operational conveniences rather than governed identities. That boundary no longer holds when attackers target the trust relationship itself. Practitioners should treat every external connection as a governed identity path, not a procurement footnote.
A few things that frame the scale:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- Our research also found that enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months.
A question worth separating out:
Q: How should organisations respond when a supplier has already been compromised?
A: Contain the identity path before focusing only on the breach narrative. Revoke exposed credentials, rotate shared secrets, disable dormant integrations, and inspect downstream systems that accepted the supplier's access. The immediate goal is to cut off reused trust, because the attacker usually wins by staying inside the delegated relationship.
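A defender-side audit that exercises the practitioner guidance above (inventory of third-party identity paths, per-environment segmentation, lifecycle offboarding) together with the dormant-integration check from this answer. This is an added example, not code from Saviynt or from the original editorial; the inventory, vendor names, dates and the 90-day dormancy threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Credentials unused for longer than this count as dormant integrations
# (the threshold is an assumption for the example, not a figure from the article).
DORMANT_AFTER = timedelta(days=90)

@dataclass
class ThirdPartyIdentity:
    name: str
    vendor: str
    kind: str                     # e.g. "api_key", "service_account", "token", "certificate"
    environments: frozenset       # environments the identity can reach, e.g. {"dev", "prod"}
    enabled: bool
    last_used: Optional[date]     # None means never observed in use
    contract_end: Optional[date]  # None means no fixed end date on record

def audit(identities, today):
    """Return (identity name, finding) pairs in inventory order."""
    findings = []
    for ident in identities:
        # Offboarding gap: the contract or integration ended but the credential is still live.
        if ident.enabled and ident.contract_end is not None and ident.contract_end < today:
            findings.append((ident.name, "offboarding_gap"))
        # Segmentation failure: one supplier identity reaches more than one environment.
        if len(ident.environments) > 1:
            findings.append((ident.name, "cross_environment"))
        # Dormant integration: enabled but unused (or never used) for longer than DORMANT_AFTER.
        if ident.enabled and (ident.last_used is None or today - ident.last_used > DORMANT_AFTER):
            findings.append((ident.name, "dormant"))
    return findings

# Constructed sample inventory: vendor names, identities and dates are invented for this example.
TODAY = date(2024, 6, 1)
INVENTORY = [
    ThirdPartyIdentity("acme-ci-deploy", "Acme Build", "api_key", frozenset({"prod"}),
                       True, date(2024, 5, 30), date(2025, 1, 1)),          # healthy, in contract
    ThirdPartyIdentity("beta-analytics-svc", "Beta Analytics", "service_account",
                       frozenset({"dev", "prod"}), True, date(2024, 5, 20), None),  # spans dev and prod
    ThirdPartyIdentity("gamma-legacy-token", "Gamma Support", "token", frozenset({"test"}),
                       True, date(2024, 1, 15), date(2024, 3, 31)),         # contract over, live, idle
    ThirdPartyIdentity("delta-old-cert", "Delta Logistics", "certificate", frozenset({"prod"}),
                       False, None, date(2023, 12, 31)),                    # correctly offboarded
]

if __name__ == "__main__":
    for name, finding in audit(INVENTORY, TODAY):
        print(f"{finding:18} {name}")
```

Each finding maps to one remediation from the text: disable and remove the credential (offboarding gap), split the identity per environment (cross-environment reach), or revoke the unused integration (dormant).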
👉 Read our full editorial: Sisense breach shows why supply chain identity risk keeps growing