TL;DR: A ransomware attack on a major aerospace company disrupted airline check-in operations across Europe, and Imprivata reports that 47% of organisations suffered a third-party breach in the past year, with more than a third tied to excessive privileged access. The pattern shows why vendor identity governance now affects operational continuity, not just security hygiene.
NHIMG editorial — based on content published by Imprivata: Major Aerospace Cyberattack Underscores Need for Increased Third-Party Security
By the numbers:
- 47% of organisations reported a third-party breach in the past year.
- 58% of organisations lack a consistent vendor access plan.
Questions worth separating out
Q: How should organisations reduce ransomware risk from third-party access?
A: They should treat supplier identities as high-risk production access, not as administrative convenience.
Q: Why do vendors with excessive privileged access increase outage risk?
A: Excessive privilege gives an attacker or compromised supplier account more system reach than the business task requires.
Q: What do security teams get wrong about third-party resilience?
A: They often assume resilience means having a manual fallback after systems fail.
Practitioner guidance
- Map every third-party identity to a business service. Inventory vendor and contractor accounts by the production service they can reach, then assign an owner for each access path.
- Enforce time-bounded access for supplier support. Replace open-ended vendor access with task-scoped sessions that expire automatically when the support window ends.
- Test emergency revocation before the next incident. Run containment exercises that isolate a supplier identity without shutting down the service it supports.
What's in the full analysis
Imprivata's full report covers the operational detail this post intentionally leaves for the source:
- A closer look at the third-party breach pattern behind the aviation incident and why privileged access is the recurring failure point.
- The research breakdown of vendor access planning gaps, including how organisations structure and review third-party permissions.
- Practical guidance on applying just-in-time controls, session monitoring, and least privilege to supplier identities.
- The cost implications of related breaches, including why operational disruption magnifies the financial impact in aviation and other critical sectors.
Explore further
Third-party identity is now an operational resilience control, not a perimeter control. The aviation incident shows that vendor compromise can immediately affect customer-facing services, which means identity governance for suppliers belongs in continuity planning as much as in security review. If a vendor can stop check-in, it is part of the core operational stack, and the practitioner implication is to govern supplier identities as production dependencies.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Who is accountable when a supplier identity causes business disruption?
A: Accountability usually sits with the business owner of the service, the identity team, and the third-party risk function together. Supplier access is a shared governance issue, so control ownership must cover onboarding, privilege scope, session monitoring, and offboarding. Without that shared accountability, access drift becomes nobody’s problem until an incident makes it visible.