The senior information security executive at JPMorgan Chase is urging the software industry to prioritize secure development practices over speed to market, warning that increasing supply-chain disruptions are weakening the global economic system.
Patrick Opet, global CISO at JPMorgan Chase, said in an open letter on Friday that global companies are dependent on interconnected technologies and warned that software needs to be secure by default.
Opet said that because global companies are increasingly reliant on a small number of software-as-a-service providers, a hack or other incident can disrupt critical infrastructure providers around the world.
JPMorgan Chase officials have seen the warning signs up close, Opet said.
“Over the past three years, our third-party providers experienced a number of incidents within their environments,” Opet wrote. “These incidents across our supply chain required us to act swiftly and decisively, including isolating certain compromised providers and dedicating substantial resources to threat mitigation.”
JPMorgan Chase in 2024 disclosed a third-party software issue that impacted more than 451,800 people, according to a filing with the Maine attorney general’s office. The flaw allowed three employees to see certain records of retirement plan participants.
The bank faced trading disruptions because of the July 2024 international IT outage created by a faulty CrowdStrike software upgrade, according to Bloomberg. The outage caused 8.5 million Windows devices to fail, leading to widespread disruptions across the airline industry, health care, financial services and other critical industries.
Source: Cybersecurity Dive