TL;DR: Third-party compromise increasingly reaches identity systems, credentials, and downstream data access, reinforcing a familiar pattern in 2025 attack reporting, according to Saviynt. When suppliers sit inside the trust path, IAM, NHI, and PAM controls inherit their failure modes.
NHIMG editorial — based on content published by Saviynt covering the Sisense breach: Sisense breach highlights rise in major supply chain attacks
By the numbers:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, 46% confirmed and 26% suspected.
Questions worth separating out
Q: How should security teams govern third-party identities that can reach production systems?
A: Treat third-party identities as first-class assets with owners, scopes, expiry, and revocation paths.
Q: Why do supply chain attacks so often become identity incidents?
A: Because attackers rarely need to break the application when a trusted supplier identity already has the reach they want.
Q: What do security teams get wrong about third-party access reviews?
A: They review the vendor relationship instead of the live entitlements.
Practitioner guidance
- Inventory supplier identities by actual entitlement Build a live register of every vendor account, token, certificate, and federated role that can touch production systems.
- Separate supplier credentials by environment Issue distinct credentials for development, test, and production access, and reject shared secrets across customer tenants or business units.
- Tie offboarding to contract and telemetry When a supplier relationship ends or changes scope, revoke access using entitlement telemetry rather than waiting for manual confirmation.
What's in the full analysis
Saviynt's full news coverage covers the source detail this post intentionally leaves for the article:
- The linked coverage around the Sisense breach and adjacent 2025 security stories that frame the supply chain risk pattern.
- The specific news context Saviynt used to connect vendor incidents with identity and access governance.
- The surrounding article stream that shows how often identity issues appear alongside broader cybersecurity reporting.
- The exact publication context for readers who want to trace the original news item in Saviynt's feed.
👉 Read Saviynt's coverage of the Sisense breach and supply chain identity risk →
Supply chain attacks and identity risk: what IAM teams miss?
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
Supply chain compromise is now an identity governance problem, not just a vendor risk problem. The breach surface appears when suppliers hold identities, secrets, or delegated rights inside customer environments. That means IAM teams, not only procurement and security review teams, have to own the trust path. The practitioner conclusion is simple: supplier risk must be measured in entitlements and revocation capability, not in contract language alone.
A few things that frame the scale:
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, according to the same report.
A question worth separating out:
Q: Who is accountable when a supplier identity is abused in a breach?
A: Accountability usually spans the business owner of the service, the identity team that issued or federated access, and the third party that held the credential. Frameworks such as NIST CSF and zero-trust models expect clear ownership and revocation discipline. Without that, nobody can prove where control failed.
👉 Read our full editorial: Supply chain attacks expose the identity risk hidden in third parties