- This news round-up brings you key cybersecurity stories from the past month.
- Top cybersecurity news: Various organisations have been impacted by a wide-ranging hack centered on a piece of software called MOVEit Transfer.
- In other news: New EU Data Act agreed by Council and Parliament; Viet Nam to require AI monitoring of “toxic” social media content.
1. US energy and health departments targeted by MOVEit hackers
The US Department of Health and Human Services and the US Department of Energy were among those targeted by a widespread hacking spree that exploited a weakness in the file transfer platform MOVEit Transfer.
Russia-linked extortion group Cl0p has claimed responsibility for the hack, which also affected entities including energy giant Shell, British Airways, broadcaster the BBC, and law firms Kirkland & Ellis LLP and K&L Gates LLP.
Progress, the vendor of the MOVEit software, has issued advice on dealing with the vulnerability, including a patch.
The World Economic Forum Centre for Cybersecurity drives global action to address systemic cybersecurity challenges. It is an independent and impartial platform fostering collaboration on cybersecurity in the public and private sectors. Here are some examples of the impact delivered by the centre:
Cybersecurity training: Salesforce, Fortinet, and the Global Cyber Alliance, in collaboration with the Forum, provide free and accessible training to the next generation of cybersecurity experts worldwide.
Cyber resilience: Working its partners, the Centre is playing a pivotal role in enhancing cyber resilience across multiple industries: Oil and Gas, Electricity, Manufacturing and Aviation.
IoT security: The Council on the Connected World, led by the Forum, has established IoT security requirements for consumer-facing devices, safeguarding them against cyber threats. This initiative calls upon major manufacturers and vendors globally to prioritize better IoT security measures.
Paris Call for Trust and Security in Cyberspace: The Forum is proud to be a signatory of the Paris Call, which aims to ensure global digital peace and security, emphasizing the importance of trust and collaboration in cyberspace.
Contact us for more information on how to get involved.
2. Deal agreed on fair access to and use of data in the EU
The Council presidency and European parliament representatives have reached a provisional agreement on new rules around fair access and use of data in the European Union (EU). The EU Data Act aims to harmonize laws around who can use data and stimulate a competitive data market.
However, the rules have been criticized by businesses and tech firms, which cite concerns around data flow, contractual freedom and cybersecurity.
“The Data Act will place European industry at a disadvantage by forcing it to give up hard-earned data and restricting contractual freedom, potentially leading to a new wave of de-industrialization and posing risks to our cybersecurity,” said Cecilia Bonefeld-Dahl, director general of DIGITALEUROPE, a representative body for the digital technology industry.
3. News in brief: Top cybersecurity stories this month
Viet Nam has told social media companies they must use AI models to automatically detect and delete “toxic” content, in an extension of its stringent platforms operating in the country. Facebook, YouTube and TikTok have repeatedly been asked to work with authorities to stamp out offensive or false content.
Australia has appointed its first cybersecurity chief in a bid to address a series of major data breaches and enhance security capabilities. Air Marshal Darren Goldie, a 30-year veteran, has been named the country’s national cybersecurity coordinator. This news comes just over one year after Australia became the first G20 nation to have a dedicated Cybersecurity Minister. The government has also recently reformed security rules and set up an agency to help coordinate responses to hacks.
Australia’s banking regulator has told insurer Medibank it must set aside A$250 million ($167 million) after weaknesses were found in its information security after hackers targeted it. The personal records of 9.7 former and current customers were released on the dark web last year in one of the country’s biggest data thefts. At least three separate class actions have been filed against the company.
US President Joe Biden has published his administration’s National Cybersecurity Strategy Implementation Plan. The plan details more than 65 high-impact federal initiatives, from protecting American jobs by combatting cybercrime to building a skilled cyber workforce equipped to excel in today’s digital economy.
4. More on cybersecurity on Agenda
Companies need to focus on building robust cybersecurity programmes as the world becomes increasingly digital. But clear and frequent communication is often lacking. Here’s how security professionals can create tighter bonds with critical stakeholders – across their organization and beyond.
New research suggests the education and research sector is the most frequent target of cyberattacks, suffering over 2,500 on average per week at the start of 2023.
The Council on the Connected World, a multistakeholder collaboration facilitated by the World Economic Forum has established a set of recommended requirements for Internet of Things devices. It is looking to address the lack of consensus around their use, as well as concerns over privacy, security, interoperability and equity.