- This news round-up brings you key cybersecurity stories from the past month.
- Top cybersecurity news: US government announces strategy to combat shortages in the cyber workforce; OT and IoT security threats up tenfold in six months; Algorithm trained to steal information based on keystrokes.
1. White House unveils plans to tackle cyber workforce shortage
The Biden administration has unveiled its strategy to strengthen the US’ cyber workforce in a bid to tackle the large number of vacancies in the short and longer term.
The National Cyber and Workforce Education Strategy aims to increase basic-level cyber skills across the country, transform cyber education and boost the cyber workforce, including the federal workforce.
“Filling the hundreds of thousands of cyber job vacancies across our nation is a national security imperative,” the White House says.
The document builds on the National Cybersecurity Strategy announced in March.
The World Economic Forum Centre for Cybersecurity drives global action to address systemic cybersecurity challenges. It is an independent and impartial platform fostering collaboration on cybersecurity in the public and private sectors. Here are some examples of the impact delivered by the centre:
Cybersecurity training: Salesforce, Fortinet, and the Global Cyber Alliance, in collaboration with the Forum, provide free and accessible training to the next generation of cybersecurity experts worldwide.
Cyber resilience: Working its partners, the Centre is playing a pivotal role in enhancing cyber resilience across multiple industries: Oil and Gas, Electricity, Manufacturing and Aviation.
IoT security: The Council on the Connected World, led by the Forum, has established IoT security requirements for consumer-facing devices, safeguarding them against cyber threats. This initiative calls upon major manufacturers and vendors globally to prioritize better IoT security measures.
Paris Call for Trust and Security in Cyberspace: The Forum is proud to be a signatory of the Paris Call, which aims to ensure global digital peace and security, emphasizing the importance of trust and collaboration in cyberspace.
Contact us for more information on how to get involved.
The US is also stepping up regulation against cybercrime. Publicly traded companies will now have to share details of hacking incidents against them within four days.
The new rule, put in place by the US Securities and Exchange Commission, is intended to help tackle the mounting cost and frequency of cyberattacks.
2. OT/IoT malware threats jump tenfold in first half of 2023
Malware-related security threats in operational technology (OT) and Internet of Things (IoT) devices jumped tenfold in the first half of the year, according to data from Nozomi Networks.
Activity increased 96% in the broad category of malware and potentially unwanted applications, telemetry from the cybersecurity firm shows. Meanwhile, threat activity related to access controls more than doubled. Nation states, criminal groups and hacktivists continue to target healthcare, energy and manufacturing, Nozomi says.
Separate research by cybersecurity firm BlackBerry shows there were 55,000 attacks against government and public entities carried out by nation-state actors and hackers from March to May. This represents a 40% hike on the previous quarter.
The most common targets were government entities in North America, Australia, South Korea and Japan.
3. News in brief: Top cybersecurity stories this month
A team of researchers has trained a deep-learning model to steal information based on the noise of computer keystrokes. When trained on keystrokes recorded on a nearby phone the algorithm was able to predict them with 95% accuracy. When the recording was done via Zoom, accuracy was 93%. This demonstrates the potential for passwords or sensitive information to be stolen based on sound alone.
The UK government has warned that a serious cyberattack on critical infrastructure has a 5-25% chance of happening in the next two years. Its National Risk Register 2023 report says such attacks could result in thousands of deaths or casualties.
The US Cybersecurity and Infrastructure Security Agency has released its FY2024-2026 Strategic Plan, which is aimed at complementing the White House’s cybersecurity strategy. The plan sets out a vision for addressing immediate cybersecurity threats, helping organizations improve their cybersecurity and driving its adoption at scale.
Sporting events are increasingly prone to cyberattacks, a new report from Microsoft has highlighted. There has been an increase in attacks against high-profile sporting events in recent years by both politically and financially motivated bad actors, the report says.
The UK’s elections watchdog has disclosed a significant cyber-attack, with “hostile actors” breaching electoral registers and email systems, the BBC reports. The hackers potentially had access to the names and addresses of UK voters for several weeks from August 2021 as the attack was not detected until October.
The rush to develop AI systems and grab market share could lead to cybersecurity oversights, according to the CEO of the UK’s National Cyber Security Centre. “The scale and complexity of these models is such that if we don’t apply the right basic principles as they are being developed in the early stages, it will be much more difficult to retrofit security,” Lindy Cameron told the BBC.
North Korean hackers breached computer networks at a Russian missile developer for an extended period last year, Reuters reports. Pyongyang subsequently announced numerous developments related to its banned ballistic missile programme, although it is not certain whether these were linked to the hacking activity.
4. More on cybersecurity on Agenda
Do we need a UN watchdog to fight deep fakes and other AI risks, asks Dr Jean-Marc Rickli, Head of Global and Emerging Risks at the Geneva Centre for Security Policy. Global and national governance needs to become more reactive and anticipatory given the exponential technologies that have emerged, he argues.
People’s homes present an easy target for cybercriminals. Teaching cybersecurity to households, including children and the elderly, is crucial. Unsecured devices present an easy way for malicious actors to target homes.
Ransomware attacks are on the rise and becoming increasingly sophisticated. Asia-Pacific is the region most affected – but are businesses preparing in the right way? Such attacks can be a test of leadership.