Lessons in Supply Chain Security from Recent Third-Party Breaches

August 15, 2025

Evolving Attack Surface: Perimeter to Identity

Traditionally, the attack surface was the network perimeter – think firewalls, intrusion detection systems and endpoints. With the rise of cloud computing, remote work, interconnected SaaS applications and the human element, this perimeter as we know it has dissolved. There is a new perimeter – identity and trust.

This shift also introduced a crucial new player: non-human identities. Think of machines, applications, bots and services – these entities are numerous, use credentials and communicate with each other using API keys, OAuth tokens and service accounts. They have no passwords to change, no MFA to enforce and no phishing training to prevent them from being compromised. Recent public third-party breaches were a direct attack on this new perimeter.

How Identity-Based Supply Chain Attacks Materialize

Recent Supply Chain Attacks (SCA) exploited a trusted integration to access customer data. As opposed to breaching individual firms, attackers compromised the application system to steal the OAuth tokens of its customers. These tokens acted as digital keys, giving the attackers legitimate, albeit unauthorized, access to a wide range of connected services. The attack vector was therefore access to the environment where the tokens were stored, not a weakness in the OAuth protocol itself. Using these stolen tokens, the attackers were able to extract vast amounts of sensitive data from the Customer Relationship Management (CRM) instances of multiple companies.

The core of the attack and its success can be attributed to four key factors:

- Excessive, long-lived OAuth permissions: The integration had tokens/refresh tokens with broad, long-lived privileges, which allowed for their exploitation and enabled exfiltration of sensitive CRM data. Tokens that persist without frequent rotation are high-value targets.
- Supply-chain trust assumptions: Organizations implicitly trust third-party applications and often grant a wide scope of access during onboarding without continuous revalidation of least privilege. This causes catastrophic fallout when the attack is on shared infrastructure widely used by hundreds of organizations.
- Secrets stored in CRM records: Teams sometimes store keys/credentials in notes, attachments or free-text fields, making the CRM a treasure trove for actors that can execute structured queries.
- Insufficient third-party governance and detection telemetry: Limited visibility into third-party actions in the tenant and gaps in detection for OAuth misuse can slow down detection and response.

How Organizations Are Impacted

The mass theft of authentication tokens leaves many enterprises scrambling to revoke and rotate credentials before attackers can exploit them. Incident response teams across industries are forced into urgent action, disabling integrations, reissuing keys and alerting employees and customers. For the organizations involved, this means:

- Sensitive data exposure: Not just Personally Identifiable Information (PII) and customer records, but embedded credentials and API tokens that provide access to downstream systems can be exposed.
- Downstream compromise risk: Exposed AWS or Snowflake keys open the door to lateral movement into critical cloud environments.
- Operational disruption: Vendors disabling integrations and emergency token rotations disrupt business workflows, particularly in sales and support functions.
- Trust and reputational damage: Customer confidence can be shaken, with affected companies facing scrutiny from regulators, partners and clients.

Optiv’s Approach

While reactive defense is essential, the real lesson is in having a proactive approach to defense.
This underscores the crucial need to have tools configured to look at anomalous behavior from trusted applications and to have comprehensive vendor assessments. It is not just malicious actors from untrusted sources that organizations need to worry about. Trusted applications also need to be assessed regularly, with assurance that vendors are prudent with their application assessments and overall security posture, and with visibility into how non-human identities are managed. This requires a combination of continuous monitoring and risk-based assessments of security practices within vendor organizations.

Optiv offers a comprehensive line of Third-Party Risk Management Solutions for securing your organization from supply-chain driven vulnerabilities.

By: Pradeep Sekar
Director, Cyber Strategy & Transformation | Optiv
Pradeep Sekar, Senior Director at Optiv, is a seasoned cybersecurity professional who has worked closely with and guided Fortune 100 and Fortune 500 Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and their teams across various industries to develop and sustain secure, adaptive and robust cybersecurity programs.

By: Felix Koottakkara
Felix Koottakkara is a cybersecurity consultant with Optiv specializing in third-party risk management, helping organizations identify, assess and mitigate vendor-related security risks. With experience spanning audits, advisory and governance frameworks, he focuses on enabling secure, resilient partnerships in complex enterprise environments.

By: Jathin Sadu
Jathin Sadu, Associate Consultant at Optiv, specializes in Strategy and Risk Management with a focus on third-party risk and program development. Jathin’s experience includes supporting organizations across industries in strengthening risk management practices, enhancing third-party program maturity, advancing cybersecurity resilience and aligning security programs with evolving business and regulatory demands.
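Added example (not part of the original article and not Optiv tooling): one way to act on the "secrets stored in CRM records" factor above is to scan an export of CRM free-text fields for embedded credentials and build a rotation worklist. The field names, rule set and sample records are assumptions constructed for illustration.

```python
import re

# Heuristic detectors: an assumed starting set, not an exhaustive rule list.
RULES = {
    # AWS access key IDs: long-term keys start with AKIA, temporary ones with ASIA.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # A Snowflake account hostname in a note often sits next to a pasted login.
    "snowflake_account_host": re.compile(r"\b[\w.-]+\.snowflakecomputing\.com\b", re.I),
    # key=value or key: value pairs whose value is long enough to be a credential.
    "credential_assignment": re.compile(
        r"\b(?:password|passwd|pwd|secret|token|api[_-]?key)\b\s*[:=]\s*(\S{8,})", re.I),
}
FREE_TEXT_FIELDS = ("description", "notes", "comments")  # hypothetical export columns


def redact(value, keep=4):
    """Keep a short prefix so a finding is recognisable without copying the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def scan_record(record):
    """Return one finding per rule hit in the record's free-text fields."""
    findings = []
    for field in FREE_TEXT_FIELDS:
        text = record.get(field) or ""  # missing or null fields scan as empty
        for rule, pattern in RULES.items():
            for m in pattern.finditer(text):
                value = m.group(m.lastindex or 0)  # captured value when the rule has a group
                findings.append({"record": record["id"], "field": field,
                                 "rule": rule, "match": redact(value)})
    return findings


def rotation_worklist(records):
    """Map each affected record to the rules it hit, for rotation and cleanup."""
    hits = ((r["id"], scan_record(r)) for r in records)
    return {rid: sorted({f["rule"] for f in found}) for rid, found in hits if found}


# Constructed sample export; the AWS key is the placeholder used in AWS documentation.
SAMPLE_RECORDS = [
    {"id": "case-001", "description": "Customer cannot log in after SSO change.", "notes": None},
    {"id": "case-002", "description": "Temp creds for import job",
     "notes": "key AKIAIOSFODNN7EXAMPLE, host acme-demo.snowflakecomputing.com"},
    {"id": "case-003", "comments": "svc login password=Xy7!kQ2#pLm9 (rotate after migration)"},
]

if __name__ == "__main__":
    for record_id, rules in rotation_worklist(SAMPLE_RECORDS).items():
        print(record_id, rules)
```

Findings carry only a redacted prefix, so the report itself does not become another place where the credential is stored.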
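Added example (not part of the original article and not Optiv tooling): the article's call to watch for anomalous behavior from trusted applications can be sketched as a per-integration baseline over API audit events. The event fields, integration names, the /24 grouping and the spike threshold are assumptions; the events are constructed and use documentation IP ranges.

```python
from collections import defaultdict
from ipaddress import ip_network

SPIKE_FACTOR = 5  # assumed threshold: daily rows above 5x the baseline peak


def summarize(events):
    """Aggregate events per (client_id, day): total rows and source /24 networks."""
    daily = defaultdict(lambda: {"rows": 0, "nets": set()})
    for e in events:
        bucket = daily[(e["client_id"], e["day"])]
        bucket["rows"] += e["rows"]
        bucket["nets"].add(ip_network(e["src_ip"] + "/24", strict=False))  # IPv4 assumed
    return daily


def detect(baseline_events, new_events):
    """Flag integrations whose source networks or read volume leave their baseline."""
    known_nets, peak_rows = defaultdict(set), defaultdict(int)
    for (client, _day), b in summarize(baseline_events).items():
        known_nets[client] |= b["nets"]
        peak_rows[client] = max(peak_rows[client], b["rows"])
    alerts = []
    for (client, day), b in sorted(summarize(new_events).items(), key=lambda kv: kv[0]):
        if client not in known_nets:
            alerts.append((day, client, "unbaselined_integration"))
            continue
        if b["nets"] - known_nets[client]:
            alerts.append((day, client, "new_source_network"))
        if b["rows"] > SPIKE_FACTOR * peak_rows[client]:
            alerts.append((day, client, "bulk_read_spike"))
    return alerts


# Constructed audit events for two hypothetical third-party integrations.
BASELINE = [
    {"day": "2025-08-01", "client_id": "chat-connector", "src_ip": "198.51.100.10", "rows": 180},
    {"day": "2025-08-01", "client_id": "chat-connector", "src_ip": "198.51.100.23", "rows": 60},
    {"day": "2025-08-02", "client_id": "chat-connector", "src_ip": "198.51.100.10", "rows": 210},
    {"day": "2025-08-02", "client_id": "billing-sync", "src_ip": "192.0.2.7", "rows": 900},
]
NEW = [
    {"day": "2025-08-09", "client_id": "billing-sync", "src_ip": "192.0.2.7", "rows": 950},
    {"day": "2025-08-09", "client_id": "chat-connector", "src_ip": "203.0.113.55", "rows": 48000},
]

if __name__ == "__main__":
    for alert in detect(BASELINE, NEW):
        print(alert)
```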