Two incidents from the past week illustrate a threat pattern that few business owners have prepared for: attackers are now targeting the shared infrastructure that organizations like yours rely on daily, meaning a breach at a vendor you’ve never heard of can shut down your operations just as effectively as one at your own front door.
When the Emergency Alert System Goes Dark
On November 3rd, the INC ransomware group compromised OnSolve’s CodeRED platform — the system that powers emergency alert notifications for hundreds of municipalities and businesses across the United States. The attack halted the platform’s ability to send critical alerts, while attackers simultaneously exfiltrated resident contact data and attempted extortion.
For most business owners, this incident registered as a footnote. It shouldn’t. CodeRED is the kind of infrastructure that sits invisibly beneath everyday operations. Local governments use it for disaster alerts. Healthcare facilities use it for staff mobilization. School districts use it for closures and emergencies. When it fails, every organization that depends on it loses capability without having done anything wrong — or having any control over the situation.
That’s the core risk of what security researchers call “fourth-party exposure”: not just your vendors, but your vendors’ vendors. A ransomware group targeting one software company can simultaneously disrupt hundreds of businesses downstream. INC ransomware specifically targets platforms with many dependents because a single compromise delivers maximum leverage — more victims to extort, more pressure to pay.
Coupang Breach: 33.7 Million Records and a Lesson About Platform Dependency
Also this week, South Korean e-commerce platform Coupang reported a data breach affecting 33.7 million customer accounts. Names, email addresses, phone numbers, shipping addresses, and partial order histories were exposed. Coupang operates across multiple countries and is used by both consumers and businesses for procurement, delivery, and operations.
The scale — 33.7 million records — places this among the largest consumer breaches of the year. But the business lesson here goes beyond the record count. A growing number of small and mid-size businesses have integrated platforms like Coupang, Amazon, Alibaba, and similar marketplaces into their core operations: supplier sourcing, product delivery, client fulfillment. When these platforms experience breaches, their business customers inherit the reputational exposure whether or not they had any control over it.
Customers don’t distinguish between a breach at your vendor and a breach at you. If their information was part of a platform you directed them to, that relationship carries liability — both legal and reputational.
The Pattern Behind This Week’s Headlines
Ransomware attacks increased 45 percent in 2025 compared to the prior year, with 9,251 recorded incidents versus 6,395 in 2024. Eighty-eight percent of those attacks targeted small and mid-size businesses. The average total cost of recovery for an SMB — including downtime, data restoration, legal fees, and lost revenue — now exceeds $500,000 per incident.
What this week’s headlines confirm is that the attack surface has expanded beyond your own systems. Attackers have learned that targeting widely-used platforms multiplies their leverage. A single compromise of a shared service — an alert system, a payment processor, a cloud application — reaches thousands of dependent businesses simultaneously. The INC group’s selection of CodeRED was not accidental. It was strategic.
Business owners who evaluate their security posture only through the lens of their own infrastructure are measuring the wrong thing. The question is no longer just “how secure are we?” It’s “how secure are the services we depend on, and what happens to our business if one of them fails tomorrow?”
What Business Leaders Should Consider
- Map your critical third-party dependencies this week. List the external platforms, software services, and vendors that would disrupt your operations if they went offline for 48 hours. Include services that feel invisible — alert systems, payment processors, scheduling tools, communications platforms.
- Ask your vendors one question: do they carry cyber liability insurance? If your vendors are breached and your business suffers losses, their insurance is your first line of financial recovery. Vendors who can’t answer this question clearly represent uninsured risk in your supply chain.
- Review what data you share with platforms. For each third-party service you use, understand what customer or employee data you’ve provided them. The Coupang breach exposed data that customers gave the platform directly — but in many business relationships, you are the one who shared that data on a customer’s behalf.
- Build a 48-hour contingency for your two most critical dependencies. What would you do if your primary payment processor, your communication platform, or your key software tool went dark for two days? Write the answer down now, not during the incident.
- Request your vendors’ SOC 2 reports or equivalent security certifications. A SOC 2 Type II report is a third-party audit of a vendor’s security controls. Vendors who have completed one can provide it. Those who haven’t represent unknown risk that belongs in your vendor evaluation process.