#United States #Cybersecurity #Boston #Black Kite #Retail Risk

Black Kite's 2026 Wholesale & Retail Report: A Wake-Up Call for Cybersecurity

In an environment increasingly fraught with cyber threats, Black Kite has released its pivotal 2026 Wholesale & Retail Report, illustrating the stark realities of cybersecurity exposure within the retail and wholesale sectors. The insights reveal that a staggering over 70% of major retailers, nearly 60% of wholesalers, and a concerning 52% of the supply chain have compromised credentials. This alarming statistic highlights the pervasive nature of cyber risks in an interconnected marketplace.

The report emphasizes the importance of understanding the shared supply chain's vulnerabilities, as malicious actors see wholesale and retail not as separate entities but as part of a larger, intertwined target landscape. According to Ferhat Dikbiyik, the Chief Research Intelligence Officer at Black Kite, the threat landscape now encompasses a broad ecosystem that must be addressed comprehensively—not just through compliance checklists, but by establishing robust third-party risk management protocols.

The Interconnected Threat Landscape

Hackers are exploiting the interconnectedness of these industries, leveraging tools and malware designed to breach multiple sectors. Techniques such as Stealer Logs and MFT exploits have been tailored to serve dual purposes across both wholesale and retail sectors. As evidenced by the report, a breach at a wholesaler can provide cybercriminals with a straightforward passage to retailers that utilize those vendors.

The tactics employed by hackers necessitate a unified defense strategy among retailers and wholesalers alike. This interconnected threat demands that all stakeholders coordinate their efforts to protect sensitive data across the supply chain.

Key Findings from the Report

The report uncovers several critical insights:

• - Revenue Focus: A notable 17% of retailers affected by ransomware boasted revenues exceeding $1 billion, with attackers targeting high-value organizations in the retail space. Meanwhile, 39% of the wholesale ransomware victims reported revenues ranging between $20 million and $100 million, indicating a shift in focus to smaller enterprises as frequent targets.
• - Vulnerabilities in the Supply Chain: An alarming 42% of pivotal supply chain vendors are exposed to at least one vulnerability identified in the CISA Known Exploited Vulnerabilities (KEV) Catalog—a list of flaws currently being exploited by cyber threats.
• - Dominant Vendor Categories: The data also illustrated that two categories, Professional & Technical Services and Information Services, significantly outnumber physical counterparts within the supply chain, with a total of 1,498 companies at risk.

These findings further solidify the fact that the vulnerability inherent in shared supply chains underscores the fundamental risk in today's digital landscape, making credential theft the primary access method for attackers.

The Path Forward

In light of these revelations, it’s imperative for wholesalers, retailers, and their related vendors to prioritize robust cybersecurity measures. The report urges organizations to patch vulnerabilities mentioned in the CISA KEV catalog, particularly those that allow for Remote Code Execution (RCE)—well-known access points exploited by ransomware syndicates.

In conclusion, Black Kite's report serves as a critical resource for cybersecurity professionals and business executives alike, offering strategies to understand and contend with evolving cyber threats. By proactively managing third-party cyber risks, businesses can better safeguard their operations against supply chain disruptions. To delve deeper into these findings, visit Black Kite's Full Report.

About Black Kite

Black Kite is a leader in third-party cyber risk management, trusted by over 3,000 clients to evaluate and manage the cyber risks posed by their supply chains. Their innovative platform leverages comprehensive data covering more than 40 million companies, equipping organizations with essential insights to enhance their cyber resilience. For more information, visit www.blackkite.com.