EU member states face cybersecurity directive deadline challenges

Many EU member states are set to miss the October 17 deadline to implement the Network and Information Security Directive (NIS 2), aimed at enhancing cybersecurity for critical sectors. Only Belgium, Croatia, Italy, and Lithuania have made partial progress, while others like Germany and the Netherlands have pending legislation, and countries such as Ireland and Spain lag further behind. The directive, approved in 2022, expands protections for sectors like energy, transport, banking, and water, and replaces the previous NIS1 directive, which failed to boost cyber resilience.

Businesses are concerned about the fragmented implementation and compliance challenges, particularly for companies operating across multiple markets. The European Federation of National Associations of Water Services (EurEau) warned that delays create uncertainty for water operators, who may need financial support to meet cybersecurity requirements. Similarly, the software lobby group BSA criticised the lack of guidance on incident reporting, a key aspect of NIS 2.

The European DIGITAL SME Alliance expressed worries for small and medium enterprises that might be impacted if they are part of larger companies’ supply chains under NIS 2. The directive mandates penalties for non-compliance, including fines of up to €10 million or 2% of global revenue, and holds senior management accountable for security breaches, signaling a shift in responsibility beyond IT departments.

DOJ issues warning on trade association information exchanges

The US Department of Justice (DOJ) has released a significant Statement of Interest, urging scrutiny of surveys and information exchanges managed by trade associations. The DOJ expressed concerns that such exchanges may create unique risks to competition, particularly when competitors share sensitive information exclusively among themselves.

According to the DOJ, the context of any information exchange will be evaluated under antitrust law to determine its potential impact on competition. Sharing competitively sensitive information could disproportionately benefit participating companies at the expense of consumers, workers, and other stakeholders. The department noted that advancements in AI technology have intensified these concerns, allowing large amounts of detailed information to be exchanged quickly, potentially heightening the risk of anticompetitive behaviour.

This guidance follows the DOJ’s withdrawal of long-standing rules that established “safety zones” for information exchanges, which previously indicated that certain types of sharing were presumed lawful. By retracting this guidance, the DOJ signals a shift toward a more cautious, case-by-case approach, urging businesses to prioritise proactive risk management.

The DOJ’s statement, made in relation to an antitrust case in the pork industry, has wider implications for various sectors, including real estate. It highlights the need for organisations, such as Multiple Listing Services (MLS) and trade associations, to evaluate their practices and avoid environments that could lead to price-fixing or other anticompetitive behaviours. The DOJ encourages trade association executives to review their information-sharing protocols, educate members on legal risks, and monitor practices to ensure compliance with antitrust laws.

SimpliSafe launches new outdoor monitoring solution

SimpliSafe has launched the Active Guard Outdoor Protection service, enhancing its security offerings with a combination of AI and human monitoring. Priced at $50 per month, this new tier builds on its $32 indoor monitoring plan, providing 24/7 protection for outdoor spaces through advanced surveillance.

The new service relies on the Outdoor Security Camera Series 2, which includes an ‘AI for the Familiar Face’ feature. This AI minimises false alarms by identifying known visitors. If an unrecognised person is detected, a human agent is alerted and can intervene by activating lights, triggering a siren, or notifying the authorities.

Executives at SimpliSafe emphasise that human agents retain the final decision-making authority, using AI only as a support tool. Hooman Shahidi, SVP of Product, stated that the company prioritises human judgement and workforce diversity to ensure fair monitoring practices. CEO Christian Cerda noted that while the company explores generative AI, it remains cautious about implementing new technologies.

The Series 2 camera costs $200 and offers HD recording, a 140-degree field of view, and two-way communication. It can be powered by batteries or connected to a power source and is waterproof for outdoor use. SimpliSafe, founded in 2006, operates primarily in the US but has expanded to the UK since 2019.

Dane Stuckey joins OpenAI as it boosts security for AI technologies

Dane Stuckey, former Chief Information Security Officer (CISO) of Palantir, has been appointed as the new CISO at OpenAI, working alongside head of security Matt Knight. Stuckey made the announcement in a post on social media, expressing his excitement to help secure OpenAI’s technologies as they continue to grow in use and impact.

Stuckey, who joined Palantir in 2014, brings extensive experience in digital forensics and incident response, having worked in both commercial and government roles. His background may prove valuable as OpenAI continues to deepen its partnerships with the United States Department of Defense, with whom it has collaborated on various cybersecurity projects.

OpenAI has been expanding its security efforts in recent months, following the appointment of former National Security Agency head Gen. Paul Nakasone as a board member. The company has also lifted its ban on selling AI technology to the military, signalling a strategic shift towards government contracts.

In addition to Stuckey’s appointment, OpenAI has posted a new job listing for a head of trusted compute and cryptography, highlighting its commitment to developing secure AI infrastructure to protect its technologies and users.

Microsoft warns of rising cyber threats from nations

A recent Microsoft report claims that Russia, China, and Iran are increasingly collaborating with cybercriminals to conduct cyber espionage and hacking operations. This partnership blurs the lines between state-directed activities and the illicit financial pursuits typical of criminal networks. National security experts emphasise that this collaboration allows governments to amplify their cyber capabilities without incurring additional costs while offering criminals new profit avenues and the security of government protection.

The report, which analyses cyber threats from July 2023 to June 2024, highlights the significant increase in cyber incidents, with Microsoft reporting over 600 million attacks daily. Russia has focused its efforts primarily on Ukraine, attempting to infiltrate military and governmental systems while spreading disinformation to weaken international support. Meanwhile, as the US election approaches, both Russia and Iran are expected to intensify their cyber operations aimed at American voters.

Despite allegations, countries like China, Russia, and Iran have denied collaborating with cybercriminals. China’s embassy in Washington dismissed these claims as unfounded, asserting that the country actively opposes cyberattacks. Efforts to combat foreign disinformation are increasing, yet the fluid nature of the internet complicates these initiatives, as demonstrated by the rapid resurgence of websites previously seized by US authorities.

Overall, the evolving landscape of cyber threats underscores the growing interdependence between state actors and cybercriminals, posing significant risks to national security and public trust.

Kenya strengthens ICT sector through new regulatory framework and ICT Authority Bill 2024

The Kenya Communications Authority (CA) has mandated that all dealers of ICT equipment, including manufacturers, vendors, importers, and service providers, undergo a type approval process before connecting devices to the Public Switched Telecommunication Network (PSTN).

That requirement applies to a wide range of devices, such as smartphones, routers, modems, tablets, vehicle trackers, and other networking equipment, thus ensuring that these products meet national and internationally recognised standards. The directive aims to safeguard consumer health, uphold public interest, secure telecommunications networks within the country and enforce compliance through legal penalties.

Specifically, non-compliance can lead to fines reaching up to Ksh5 million ($38,759) and prison sentences of up to three years for serious infractions, while lesser offences carry penalties of up to Ksh250,000 ($1,937). Furthermore, the CA’s regulations address cybercrime by equipping authorities with the means to detect, prevent, investigate, and prosecute computer-related offences, thereby contributing to a safer digital environment in Kenya.

Additionally, to boost revenue, the Kenyan government plans to block devices imported without proper tax documentation from network activation, specifically targeting phones and other ICT equipment lacking tax records. That move strengthens regulatory control over ICT imports, promoting fair taxation and compliance with local laws.

Moreover, the proposed ICT Authority Bill 2024, introduced in May, will require ICT operators to secure operational licenses, further enhancing the quality, security, and efficiency of ICT services in Kenya. Ultimately, the bill aims to support Kenya’s digital economy and ensure that ICT infrastructure aligns with national development goals.

Thousands of users impacted by Facebook and Instagram outage

On Monday, Meta Platforms’ social media platforms Facebook and Instagram experienced a significant outage affecting thousands of users across the US. According to Downdetector, a website that tracks service interruptions, the outage peaked around 1:35 p.m. ET, with over 12,000 users reporting issues with Facebook and more than 5,000 for Instagram.

By 2:09 p.m. ET, the number of reported problems had decreased significantly to around 659 for Facebook and 450 for Instagram. Downdetector’s data is based on user-submitted reports, so the actual number of impacted users may differ.

Meta Platforms did not respond to requests for comment. Earlier this year, a similar issue disrupted services globally for more than two hours, affecting hundreds of thousands of users. That event saw 550,000 disruption reports for Facebook and around 92,000 for Instagram.

Data breach at Intesa Sanpaolo under investigation

Intesa Sanpaolo has confirmed it alerted Italy’s data protection authority regarding a data breach caused by one of its employees after carrying out detailed investigations into the incident. The bank explained that the notification was made only after conducting careful checks on the events surrounding the violation.

Despite media reports, Intesa has not yet received any formal communication from prosecutors. News agency ANSA previously reported that both the bank and its employee are being investigated following the data breach.

The breach, which is said to have affected thousands of customers, includes the personal data of high-profile individuals such as Prime Minister Giorgia Meloni. The investigation has raised concerns about data security at one of Italy’s largest financial institutions.

As the situation develops, the bank faces increasing scrutiny over its handling of the breach, with both authorities and the public awaiting further details on the investigation.

Orro launches critical infrastructure division in Australia and New Zealand

Orro is enhancing its operational technology (OT) capabilities with the launch of its new division, Orro Critical Infrastructure, aimed at serving Australia and New Zealand. That initiative represents a significant advancement in Orro’s commitment to providing innovative solutions tailored to meet the growing demands of the industrial sector.

The division will offer a comprehensive suite of specialised services, including network infrastructure, cybersecurity, distributed cloud systems, and private LTE wireless networks. A key component of this initiative is establishing a new Security Operations Centre (SOC) designed explicitly for OT customers, providing real-time protection against potential cyberattacks and ensuring robust cybersecurity measures.

Additionally, Orro will focus on operational excellence by integrating best practices from IT and OT disciplines to effectively manage the complexities of OT production environments. The company will assess and stabilise existing critical infrastructure assets, working closely with industry regulators and clients to implement key transformations.

These expanded capabilities are expected to benefit customers across various sectors, including energy, transport and logistics, healthcare, retail, and state government entities, fostering innovation and resilience in critical infrastructure management.

UK’s ‘Invest 2035’ strategy prioritises cybersecurity and technological adoption to secure future growth

The UK government is prioritising the adoption of innovative technologies through its draft industrial strategy, ‘Invest 2035.’ The comprehensive plan aims to accelerate the integration and scaling of new technologies across eight key growth sectors, including cybersecurity solutions, while ensuring that all emerging technologies are secure by design.

To support this technological advancement, the strategy focuses on strengthening cyber resilience by enhancing supply chain resilience to mitigate vulnerabilities that could impede long-term growth. Implementing strengthened cyber resilience measures is essential for safeguarding growth-driving sectors against potential digital threats, thereby reinforcing the overall security of the economy.

Additionally, a crucial element of the strategy is the investment in skills and workforce development, as the UK government acknowledges the need to prepare the workforce for future challenges through substantial investments in skills and training. Promoting cybersecurity education is vital, empowering individuals and organisations to protect themselves better and leverage technological advancements.

Furthermore, the draft strategy emphasises public consultation and stakeholder engagement, inviting input from businesses, experts, unions, and other stakeholders to refine the plan before its final publication in spring 2025. The government also highlights the importance of collaboration between itself and the cyber industry, as these partnerships are essential for addressing existing challenges, such as the skills gap and outdated cyber laws. Ultimately, this strategy aims to support the growth of a secure and resilient economy, fostering an environment where organisations can thrive safely in an increasingly digital world.