Workday, a leading provider of human resources software, has become the latest high-profile organisation to suffer a security breach, in what experts are describing as a prolonged wave of social engineering and third-party cyberattacks continuing through the summer.
The breach, reportedly stemming from a vulnerability associated with the company's customer relationship management system, has led to the compromise of contact details including names, email addresses, and phone numbers. The incident is being linked by observers to a broader campaign targeting organisations through trusted platforms such as Salesforce, amplifying concerns around third-party risks in the cyber ecosystem.
Cybersecurity specialists have been quick to issue warnings that the frequency and sophistication of such attacks is only increasing. Pat Larkin, President of Ekco Security, described the Workday breach as "just the latest example showing that this summer's cyberattacks aren't easing off". He emphasised that attackers are targeting users - both within companies and across supply chains - because these vectors continue to be effective. Larkin cited a recent breach at Marks & Spencer as further evidence that end users and supply chain partners often present the weakest link, and are therefore the focus of malicious actors.
"That's why continuous end user security awareness training, monitoring, coupled with tabletop exercises and preparation at every level for incident prevention and response, from technical to boardroom, are critical," Larkin said. He advocated for empowering employees to challenge suspicious requests - even when they seem legitimate or urgent - and for providing them with policies and executive support to do so.
Highlighting the targeted nature of current threat campaigns, Larkin added, "The attacks continuously evolve and are almost always highly targeted. They usually have reconnaissance conducted and intelligence gathered to help form what appears to be a legitimate request to users with privileges of access, to grant access or make payments etc." He stressed that ongoing investment in the education and fortification of what he called "the organisation's human firewall" was a necessity.
Larkin outlined crucial steps that organisations must prioritise, such as having clear plans for responding rapidly to incidents, identifying notification protocols, and ensuring that executives are familiar with the incident response playbook. "The only way to move fast under pressure is to have already mapped out the playbook," he asserted.
Similarly, Martin Greenfield, CEO at Quod Orbis, called for a fundamental shift in how companies view their exposure to third-party risks. He described the Workday breach as "another stark reminder that third-party risk must be treated as first-party responsibility." Greenfield warned that many organisations still rely predominantly on supplier assurances and sporadic audits, which are no longer sufficient. "Without full, real-time visibility into every integration and partner connection, they remain unaware of potentially crippling vulnerabilities that third party vendors may be bringing to their organisation," he said.
Greenfield argued that adding more security tools to the technology stack does little to improve resilience if companies are unaware of exactly where and how they are vulnerable. "Effective cyber resilience depends on organisations taking ownership, enforcing standards, and demanding evidence of security across the entire supply chain," he explained. Pointing to the sequence of recent high-profile breaches through suppliers, Greenfield insisted that "one weak link can be all it takes to have huge detrimental impact on operations and reputation."
Echoing these sentiments, Pierre Noel, Field Chief Information Security Officer EMEA at Expel, explained that third-party risk consistently ranks as one of the top cyber concerns and is often the most damaging when exploited. "Yet despite its criticality, it's still under-managed in many organisations - with Workday being the latest of a long line of victims." Noel stressed the importance for IT and cybersecurity leaders to ensure any third parties with sensitive access maintain a security posture suitable for their level of risk. This, he said, involves regular risk assessments of vendors that go beyond simple questionnaires.
Noel called for a deeper understanding of partners' security arrangements and their own third-party oversight: "This means pushing for regular risk assessments of their vendors… to ensure their security posture, their incident response capabilities, and how they handle their own third-party risks is understood."
The Workday incident reinforces the reality that third-party risk has become a primary attack surface for cybercriminals. Security leaders urge organisations to treat third-party oversight as an existential business concern, bolstered by continuous education, stringent standards, and a culture of shared vigilance within and beyond company walls.