The recent turmoil in the world of finance continues to shake things up. The emergence of Open Banking is transforming competitive dynamics in the banking and financial services ecosystem. This change has led to an increased level of concerted effort alongside most third-party vendors. As such, it has gotten simpler to access consumer banking data through Application Programming Interfaces (APIs). Yet the increased dependence on these third-party partners poses considerable cyber risks, especially as geopolitical tensions rise. Some recent attacks include Change Healthcare and the go-to infrastructure company behind dealer management systems, CDK Global. Developments like these underscore the critical importance for businesses to address vulnerabilities within their supply chains.
Further complicating this picture is the intersection of U.S. tariff policies and state-sponsored cyberattacks, creating a challenging environment for companies to operate. Cyber threats are growing and changing every day. In addition, businesses in all industries have become more worried about the safety of their supply chains, which cybercriminals today see as high-value targets.
The Impacts of Open Banking on Cybersecurity
Shortly thereafter, Open Banking transformed the landscape of the financial industry, allowing banks to share consumer data securely and efficiently with third-party service providers. This new innovation improves consumer experiences and increases competition among financial institutions. It also raises significant cybersecurity concerns.
By allowing access to sensitive information through exposed APIs, banks are putting themselves at risk for these breaches. Cybercriminals can take advantage of vulnerabilities in these third-party applications to access customer data without consent. The recent ransomware attack on Change Healthcare is an example of just this risk. After a group of hackers hacked the corporation’s security in early April 2024, they made off with more than 6TB of their sensitive protected health information (PHI) from millions of patients. Cybersecurity experts said that adopting basic security practices, such as requiring multifactor authentication (MFA), would’ve stopped this breach from happening.
Retailers and e-commerce companies alike are more often forming strategic partnerships with logistics providers, payment processors and digital marketing platforms. This trend significantly increases their vulnerability to third-party cyber risks. As these organizations grow their services, they should clearly prioritize improving cybersecurity defense. With this approach, they’ll better protect sensitive information and preserve the trust of their customers.
Geopolitical Tensions and State-Sponsored Cyberattacks
The current geopolitical landscape is marked by rising tensions and tariff policies that could exacerbate cyber threats against U.S. companies. Countries are escalating economic sanctions and trade wars. In turn, state-sponsored cyberattacks have become a key weapon in political economic warfare arsenal, being used for both espionage and disruption.
At the same time, the U.S. is raising tariffs on imported tech, hardware, raw materials and software. This action further sours trade relationships and endangers the security of our critical infrastructure. In their effort to catch up with these policies, companies are often filling gaps in their supply chains that create additional vulnerabilities. One example, hackers are gravitating towards supply chain attacks, injecting trojaned code into trusted third party software vendors and patches to break into a system.
The attack on Ukraine’s state-owned railway company, Ukrzaliznytsia, in March 2025 illustrates the potential for state-sponsored cyber threats to disrupt essential services. It caused significant disruption of passenger and freight transport services. Consequently, it emphasized the reality of our interconnected global supply chains and the critical need for pervasive, robust cybersecurity across all sectors.
The Rise of Supply Chain Attacks
Perhaps the most troubling cyber threat to date supply chain attacks mark an alarming evolution in cyber threat strategies. Unlike traditional cyber threats that focus on a single organization, supply chain attacks exploit the weakest links within an entire business ecosystem. This tactic is an effective way for cybercriminals to circumvent security measures by going after vendors or partners that have lower security standards.
In 2024, CDK Global would suffer a crippling ransomware attack. This attack affected almost all 15,000 North American auto dealerships and caused deep operational disruptions, with losses amounting to more than $1 billion in damages. This breach serves to remind us how truly vulnerable businesses that rely extensively on third-party service providers can be.
In addition, as organizations move to more Internet of Things (IoT) and Operational Technology (OT)-based devices, they introduce more complexities. Many of these devices come with underdeveloped security features, creating an open invitation for hackers. The 2020 cyberattack against the COVID-19 vaccine supply chain highlighted some serious vulnerabilities within this sector. It highlighted the importance of implementing strong security measures across all facets of the supply chain.
Reshoring and Nearshoring Trends
In response to the growing cyber risks associated with foreign suppliers, many U.S. companies are turning to reshoring and nearshoring strategies. By relocating production and sourcing closer to home, businesses aim to reduce their dependency on international suppliers and mitigate potential cyber threats.
While these reshoring initiatives improve supply chain resilience, they present various opportunities for localized economic development and job creation. This trend reflects a broader shift in corporate strategy as organizations recognize the importance of safeguarding their operations against emerging cyber risks.