Software Supply Chain Attacks To Cost The World $60 Bn By 2025
Cybersecurity Ventures predicts that the global annual cost of software supply chain attacks to businesses will reach a staggering $138 billion by 2031, up from $60 billion in 2025, and $46 billion in 2023, based on 15 percent year-over-year growth.
Instead of directly focusing attacks on an end-user target, hackers are compromising weak links in existing software supply chains to wreak havoc, leading to some of the most prominent cybersecurity incidents and data breaches of recent years.
“Managing supply chain risk is still one of the, if not the biggest, problem for CISOs,” says Philip Reitinger, president and CEO of the Global Cyber Alliance, former SVP and CISO at SONY, and former deputy chief, Computer Crime Section, at the U.S. Department of Justice. “It’s the greatest area of unmanaged or hard-to-manage risk.”
Gartner predicts that by 2025, 45 percent of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.
“In the era of DevOps – fast and continuous development – you simply cannot secure software from the outside,” says Guy Podjarny, founder of Snyk. “Fundamentally, the only way to keep up with the pace of software change is to get developers actually building secure software, and move the security to be where the decision is made.”
While formal interactions between defenders and business leaders are becoming more frequent, according to the World Economic Forum, increased communication and collaboration between developers and security professionals must also become a priority.
Digital transformation, hybrid and remote work, and the escalating threat of cybercrime have forced organizations to rethink how they view security in relation to their software supply chains.