- This news round-up brings you key cybersecurity stories from the past month.
- Top cybersecurity news: FBI warns of dual ransomware threat; Companies struggle to overcome cyberskills gap; Actor Tom Hanks distances himself from AI deepfake advert.
1. US companies face dual ransomware attack risk, says FBI
The Federal Bureau of Investigation (FBI) is warning companies in the United States to be alert to the risk of dual ransomware attacks, in which the same organization is targeted more than once in quick succession.
The warning came in an FBI private industry notification dated 27 September 2023: “The FBI noted a trend of dual ransomware attacks conducted in close proximity to one another. During these attacks, cyber threat actors deployed two different ransomware variants.”
The FBI also pointed out that a range of ransomware tools are being used in different combinations – with potentially devastating consequences for targeted companies. “This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments. Second ransomware attacks against an already compromised system could significantly harm victim entities.”
In most cases, the second attack has come within 48 hours of the first, but the period between attacks has been as long as 10 days.
To mitigate the risks from dual ransomware attacks, the FBI recommends companies review their security posture, maintain offline back-ups of critical data and ensure those back-ups are encrypted.
2. Companies failing to close global cybersecurity skills gap
A report into employment challenges in the cybersecurity sector finds companies around the globe are failing to fill millions of vacant positions. The Information Systems Audit and Control Association (ISACA), which has 170,000 members in 188 countries, has published its 2023 State of Cybersecurity global update.
The report, which details the opinions of 2,178 members who responded to a global survey, found the industry was failing to attract recruits to fill positions from entry-level right up to C-suite roles.
Looking to the future, ISACA sees no short-term solution to the staffing challenges in the sector and a rising demand for skilled cybersecurity specialists.
The report’s findings align with the World Economic Forum’s Global Cybersecurity Outlook, 2023, which reveals that 59% of business leaders and 64% of cyber leaders rank talent recruitment and retention as key challenges for managing cyber resilience. Additionally, fewer than half of the respondents reported having the people and skills needed today to respond to cyberattacks.
According to the Forum’s Future of Jobs 2023 report, cybersecurity is among the top strategically emphasized skills for the workforce. Yet, there is a shortage of 3.4 million cybersecurity experts to support today’s global economy.
A less traditional approach to training and recruitment in the cybersecurity sector, focused on diversity and a less rigid reliance on qualifications, could significantly widen the pool of available talent.
The World Economic Forum Centre for Cybersecurity drives global action to address systemic cybersecurity challenges. It is an independent and impartial platform fostering collaboration on cybersecurity in the public and private sectors. Here are some examples of the impact delivered by the centre:
- Cybersecurity training: Salesforce, Fortinet, and the Global Cyber Alliance, in collaboration with the Forum, provide free and accessible training to the next generation of cybersecurity experts worldwide.
- IoT security: The Council on the Connected World, led by the Forum, has established IoT security requirements for consumer-facing devices, safeguarding them against cyber threats. This initiative calls upon major manufacturers and vendors globally to prioritize better IoT security measures.
- Paris Call for Trust and Security in Cyberspace: The Forum is proud to be a signatory of the Paris Call, which aims to ensure global digital peace and security, emphasizing the importance of trust and collaboration in cyberspace.
3. News in brief: Top cybersecurity stories this month
The US Cybersecurity and Infrastructure Security Agency (CISA) has launched a new campaign for the 20th Cybersecurity Awareness Month. Under the campaign theme of Secure our World, CISA is urging organizations and individuals to take four steps to protect themselves against the growing threat from cybercriminals: use strong passwords; switch on multi-factor authentication; regularly update software; and recognize and report phishing attempts.
Hackers have broken into computers at the International Criminal Court (ICC) in The Hague, Netherlands. The ICC investigates war crimes and crimes against humanity. According to Reuters, staffers at the ICC noticed unusual activity on its computer networks. The ICC said it was working to mitigate the impact of the cybersecurity breach.
Ukraine has accused Russia of hacking its law enforcement computer systems. Ukraine’s head of cyber defences said the Ukrainian Prosecutor General’s office and departments documenting war crimes had been targeted, Reuters reports.
More than 50 organizations in Colombia have been targeted in a widespread cyberattack. According to Reuters, the ransomware attack hit government systems and private companies after hackers targeted an Internet Service Provider.
The Hollywood actor Tom Hanks has warned consumers that an advertisement in which he appears to promote a dental plan is a deepfake created using AI technology. Hanks posted a screengrab from the video on Instagram, explaining to his 9.5 million followers, “I have nothing to do with it.” The emergence of generative AI has raised concerns that convincing fake imagery could aid the spread of disinformation and damage trust in online content.
4. More on cybersecurity on Agenda
The European Union’s new Digital Markets Act is aiming to regulate tech giants like Google, Facebook and Amazon. The law seeks to ensure fair competition, data sharing and transparency around tracking users’ data. There are significant fines for non-compliance.
Every online user is facing a growing threat from ransomware – malware designed to deny an organization access to files or data on their computer. This article details six ways individuals and organizations can protect themselves from online extortion.
The energy systems that underpin entire economies are facing “an unprecedented threat” from cyberattacks, according to the International Energy Agency (IEA). Industry research shows that utility companies are spending an average of 8% of their total IT budget on cybersecurity – but the number of attacks is outpacing spending.