TL;DR: Third-party compromise increasingly reaches identity systems, credentials, and downstream data access, reinforcing a familiar pattern in 2025 attack reporting, according to Saviynt. When suppliers sit inside the trust path, IAM, NHI, and PAM controls inherit their failure modes.
NHIMG editorial — based on content published by Saviynt covering the Sisense breach: "Sisense breach highlights rise in major supply chain attacks"
By the numbers:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, 46% confirmed and 26% suspected.
Questions worth separating out
Q: How should security teams govern third-party identities that can reach production systems?
A: Treat third-party identities as first-class assets with owners, scopes, expiry, and revocation paths.
Q: Why do supply chain attacks so often become identity incidents?
A: Because attackers rarely need to break the application when a trusted supplier identity already has the reach they want.
Q: What do security teams get wrong about third-party access reviews?
A: They review the vendor relationship instead of the live entitlements.
Practitioner guidance
- Inventory supplier identities by actual entitlement: Build a live register of every vendor account, token, certificate, and federated role that can touch production systems.
- Separate supplier credentials by environment: Issue distinct credentials for development, test, and production access, and reject shared secrets across customer tenants or business units.
- Tie offboarding to contract and telemetry: When a supplier relationship ends or changes scope, revoke access using entitlement telemetry rather than waiting for manual confirmation.
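One way to check a supplier-identity register against the three practices above, as an added example that is not from Saviynt's coverage or the NHIMG post. The register fields, finding codes, vendor names, secret fingerprints and dates are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed register: one row per live supplier entitlement (all values are sample data).
REGISTER = [
    {"id": "vendor-a-bi-token", "vendor": "vendor-a", "env": "production", "unit": "finance",
     "owner": "data-platform", "expires": date(2025, 12, 31), "secret_fp": "fp-01",
     "last_used": date(2025, 6, 2)},
    {"id": "vendor-a-bi-token-dev", "vendor": "vendor-a", "env": "development", "unit": "finance",
     "owner": "data-platform", "expires": date(2025, 12, 31), "secret_fp": "fp-01",
     "last_used": date(2025, 6, 1)},
    {"id": "vendor-b-etl-role", "vendor": "vendor-b", "env": "production", "unit": "sales",
     "owner": None, "expires": None, "secret_fp": "fp-02",
     "last_used": date(2025, 5, 20)},
    {"id": "vendor-c-cert", "vendor": "vendor-c", "env": "test", "unit": "hr",
     "owner": "hr-it", "expires": date(2025, 9, 1), "secret_fp": "fp-03",
     "last_used": date(2025, 6, 3)},
]
# Constructed contract end dates; a vendor missing here has no active contract on file.
CONTRACT_END = {"vendor-a": date(2026, 1, 1), "vendor-b": date(2025, 3, 31),
                "vendor-c": date(2026, 6, 30)}

def audit(register, contract_end, today):
    """Return {identity id: sorted list of finding codes} for entries needing action."""
    findings = defaultdict(set)
    by_secret = defaultdict(list)
    for e in register:
        by_secret[e["secret_fp"]].append(e)
        if not e["owner"]:
            findings[e["id"]].add("no-owner")
        if e["expires"] is None:
            findings[e["id"]].add("no-expiry")
        elif e["expires"] < today:
            findings[e["id"]].add("expired-still-live")
        end = contract_end.get(e["vendor"])
        if end is None or end < today:
            findings[e["id"]].add("revoke-contract-ended")
            # Telemetry shows use after the relationship ended: escalate.
            if end is not None and e["last_used"] and e["last_used"] > end:
                findings[e["id"]].add("used-after-contract-end")
    # One secret fingerprint seen in several environments or business units is shared.
    for entries in by_secret.values():
        if len({(e["env"], e["unit"]) for e in entries}) > 1:
            for e in entries:
                findings[e["id"]].add("shared-secret")
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for ident, codes in audit(REGISTER, CONTRACT_END, date(2025, 6, 10)).items():
        print(ident, codes)
```

The check works from live entitlement rows and last-use telemetry, so an entry whose contract has lapsed is flagged for revocation without waiting on a manual confirmation from the vendor owner.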
What's in the full analysis
Saviynt's full news coverage covers the source detail this post intentionally leaves for the article:
- The linked coverage around the Sisense breach and adjacent 2025 security stories that frame the supply chain risk pattern.
- The specific news context Saviynt used to connect vendor incidents with identity and access governance.
- The surrounding article stream that shows how often identity issues appear alongside broader cybersecurity reporting.
- The exact publication context for readers who want to trace the original news item in Saviynt's feed.