Financial losses due to disruptions in software supply chains could surpass 46 billion dollars in 2021
In a recent development, the software supply chain attack against X_Trader has claimed at least four additional victim organizations, marking a significant escalation in the scope of such attacks. This incident, which also affected 3CX, is considered the first multitiered supply chain attack, according to cybersecurity analysts.
The compromise of 3CX and its build environment was traced back to a 3CX employee who used their credentials to download and install malware-laced X_Trader software from Trading Technologies, as reported by Mandiant. This incident serves as a stark reminder of the risks unsuspecting organizations face in their digital environments.
Juniper Research, a leading authority on cybersecurity, predicts that businesses worldwide will incur nearly $46 billion in costs from software supply chain attacks this year. Financial losses attributed to such attacks are expected to jump 76% and cost the global economy almost $81 billion in lost revenue and damages by 2026.
The continued jump in costs to organizations is attributed to insufficient cybersecurity resources, a failure to recognize the value of data and processes, and a lack of awareness about what constitutes this persistent threat, according to Juniper Research analysts.
In response, cyber authorities in the White House and the Cybersecurity and Infrastructure Security Agency are advocating for shifting responsibility for the security of software, hardware, and platforms onto the vendors developing and selling those products. However, some vendors have pushed back on the secure-by-design and secure-by-default principles outlined in the White House's national cybersecurity strategy.
Bolstering the security of software is a core tenet of the White House's national cybersecurity strategy. U.S. officials are assessing how far they can go in achieving the responsibility shift for software security, with most experts acknowledging that congressional legislation will be required to achieve the desired outcome.
Juniper Research identifies Microsoft, Google, Apple, and Amazon as the main companies bearing the costs of software supply chain attacks this year. Organizations in healthcare, finance, government, and automotive are expected to bear the majority of these costs, according to the research.
Significant structural changes to software supply chain security management are needed to prevent unsuspecting organizations from falling victim to cyberattacks, according to Juniper Research analysts. The recent supply chain attack against 3CX in March serves as a stark reminder of the extent to which these attacks can accelerate and damage many downstream victims.
However, a software liability regime is unlikely to come from the current Congress, according to Acting National Cyber Director Kemba Walden. Despite this, efforts to improve software supply chain security continue, with the hope that collaboration between industry leaders, governments, and cybersecurity experts will lead to a safer digital landscape for all.