Small businesses battle rising cyber attacks in the US

Many small businesses in the US are facing a sharp rise in cyber attacks, yet large numbers still try to manage the risk on their own.

A recent survey by Guardz found that more than four in ten SMBs have already experienced a cyber incident, while most owners believe the overall threat level is continuing to increase.

Rather than relying on specialist teams, over half of small businesses still leave critical cybersecurity tasks to untrained staff or the owner. Only a minority have a formal incident response plan created with a cybersecurity professional, and more than a quarter do not carry cyber insurance.

Phishing, ransomware and simple employee mistakes remain the most common dangers, with negligence seen as the biggest internal risk.

Recovery times are improving, with most affected firms able to return to normal operations quickly and very few suffering lasting damage.

However, many still fail to conduct routine security assessments, and outdated technology remains a widespread concern. Some SMBs are increasing cybersecurity budgets, yet a significant share still spend very little or do not know how much is being invested.

More small firms are now turning to managed service providers instead of trying to cope alone.

The findings suggest that preparation, professional support and clearly defined response plans can greatly improve resilience, helping organisations reduce disruption and maintain business continuity when an attack occurs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

South Korea tightens ID checks with facial verification for phone accounts

Mandatory facial verification will be introduced in South Korea for anyone opening a new mobile phone account, as authorities try to limit identity fraud.

Officials said criminals have been using stolen personal details to set up phone numbers that later support scams such as voice phishing instead of legitimate services.

Major mobile carriers, including LG Uplus, Korea Telecom and SK Telecom, will validate users by matching their faces against biometric data stored in the PASS digital identity app.

Such a requirement expands the country’s identity checks rather than replacing them outright, and is intended to make it harder for fraud rings to exploit stolen data at scale.

The measure follows a difficult year for data security in South Korea, marked by cyber incidents affecting more than half the population.

SK Telecom reported a breach involving all 23 million of its customers and now faces more than $1.5 billion in penalties and compensation.

Regulators also revealed that mobile virtual network operators were linked to 92% of counterfeit phones uncovered in 2024, strengthening the government’s case for tougher identity controls.

South Korea plans huge fines for major data breaches

Prime Minister Kim Min-seok has called for punitive fines of up to 10 percent of company sales for repeated and serious data breaches, as public anger grows over large-scale leaks.

The government is seeking swift legislation to impose stronger sanctions on firms that fail to safeguard personal data, reflecting President Lee Jae Myung’s stance that violations require firm penalties instead of lenient warnings.

Kim said corporate responses to recent breaches had fallen far short of public expectations and stressed that companies must take full responsibility for protecting customer information.

Under the proposed framework, affected individuals would receive clearer notifications that include guidance on their rights to seek damages.

The government of South Korea also plans to strengthen investigative powers through coercive fines for noncompliance, while pursuing rapid reforms aimed at preventing further harm.

The tougher line follows a series of major incidents, including a leak at Shinhan Card that affected around 190,000 merchant records and a large-scale breach at Coupang that exposed the data of 33.7 million users.

Officials have described the Coupang breach as a serious social crisis that has eroded public trust.

Authorities have launched an interagency task force to identify responsibility and ensure tighter data protection across South Korea’s digital economy instead of relying on voluntary company action.

Facial recognition trial targets repeat offenders in New Zealand supermarkets

Teenagers account for most of the serious threats reported against supermarket staff across South Island stores, according to a privacy report released on Foodstuffs South Island’s facial recognition trial.

The company is testing the technology in three Christchurch supermarkets to identify only adult repeat offenders, rather than minors, even though six out of the ten worst offenders are under eighteen.

The system creates a biometric template of every shopper at the trial stores and deletes it if there is no match with a watchlist. Detections remain stored within the Auror platform for seven years, while personal images are deleted on the same day.

The technology is supplied by the Australian firm Vix Vizion, in collaboration with Auror, which is already known for its vehicle plate recognition systems.

Foodstuffs argues the trial is justified by rising threatening and violent behaviour towards staff across all age groups.

A previous North Island pilot scanned 226 million faces and generated more than 1700 alerts, leading the Privacy Commissioner of New Zealand to conclude that strong safeguards could reduce privacy intrusion to an acceptable level.

The watchlist only includes adults previously involved in violence or serious threats, and any matches undergo human checks before action is taken.

Foodstuffs continues to provide regular updates to the Office of the Privacy Commissioner as the South Island trial proceeds.

Italy fines Apple €98 million over App Store competition breach

Apple has been fined €98 million by Italy’s competition authority after regulators concluded that its App Tracking Transparency framework distorted competition in the app store market.

Authorities stated that the policy strengthened Apple’s dominant position while limiting how third-party developers collect advertising data.

The investigation found that developers were required to request consent multiple times for the same data processing purposes, creating friction that disproportionately affected competitors.

Regulators in Italy argued that equivalent privacy protections could have been achieved through a single consent mechanism instead of duplicated prompts.

According to the Italian authority, the rules were imposed unilaterally across the App Store ecosystem and harmed commercial partners reliant on targeted advertising. The watchdog also questioned whether the policy was proportionate from a data protection perspective under EU law.

Apple rejected the findings and confirmed plans to appeal, stating that App Tracking Transparency prioritises user privacy over the interests of ad technology firms.

The decision follows similar penalties and warnings issued in France and Germany, reinforcing broader European scrutiny of platform governance.

University of Phoenix breach exposes millions in major Oracle attack

Almost 3.5 million students, staff and suppliers linked to the University of Phoenix have been affected by a data breach tied to a sophisticated cyber extortion campaign. The incident followed unauthorised access to internal systems, exposing highly sensitive personal and financial information.

Investigations indicate attackers exploited a zero-day vulnerability in Oracle E-Business Suite, a widely used enterprise financial application. The breach surfaced publicly after the Clop ransomware group listed the university on its leak site, prompting internal reviews and regulatory disclosures.

Compromised data includes names, contact details, dates of birth, social security numbers and banking information. University officials have confirmed that affected individuals are being notified, while filings with US regulators outline the scale and nature of the incident.

The attack forms part of a broader wave of intrusions targeting American universities and organisations using Oracle platforms. As authorities offer rewards for intelligence on Clop’s operations, the breach highlights growing risks facing educational institutions operating complex digital infrastructures.

Cyber incident hits France’s postal and banking networks

France’s national postal service, La Poste, suffered a cyber incident days before Christmas that disrupted websites, mobile applications and parts of its delivery network.

The organisation confirmed a distributed denial of service attack temporarily knocked key digital systems offline, slowing parcel distribution during the busiest period of the year.

The disruption also affected La Banque Postale, with customers reporting limited access to online banking and mobile services. Card payments in stores, ATM withdrawals, and authenticated online payments continued to function, easing concerns over wider financial instability.

La Poste stated there was no evidence of customer data exposure, although several post offices in France operated at reduced capacity. Staff were deployed to restore services while maintaining in-person banking and postal transactions where possible.

The incident added to growing anxiety over digital resilience in critical public services, particularly following a separate data breach disclosed at France’s Interior Ministry last week. Authorities have yet to identify those responsible for the attack on La Poste.

EU moves to extend child abuse detection rules

The European Commission has proposed extending the Interim Regulation that allows online service providers to voluntarily detect and report child sexual abuse instead of facing a legal gap once the current rules expire.

These measures would preserve existing safeguards while negotiations on permanent legislation continue.

The Interim Regulation enables providers of certain communication services to identify and remove child sexual abuse material under a temporary exemption from e-Privacy rules.

Without an extension beyond April 2026, voluntary detection would have to stop, making it easier for offenders to share illegal material and groom children online.

According to the Commission, proactive reporting by platforms has played a critical role for more than fifteen years in identifying abuse and supporting criminal investigations. Extending the interim framework until April 2028 is intended to maintain these protections until long-term EU rules are agreed.

The proposal now moves to the European Parliament and the Council, with the Commission urging swift agreement to ensure continued protection for children across the Union.

TSA introduces a fee for travellers without ID

From 1 February, the US Transportation Security Administration will charge a $45 fee to travellers who arrive at airports without a valid form of identification, such as a REAL ID or passport.

The measure is linked to the rollout of a new alternative identity verification system designed to modernise security checks.

The fee applies to passengers using TSA Confirm.ID, a process that may involve biometric or biographic verification. Even after payment, access to the secure area is not guaranteed, and the charge will remain non-refundable, valid for a period of ten days.

According to the TSA, the policy ensures that the traveller, instead of taxpayers, bears the cost of verifying insufficient identification. Officials have urged passengers to obtain a REAL ID or other approved documentation to avoid delays or missed flights.

The agency has indicated that travellers will be encouraged to pay the fee online before arrival. At the same time, further details are expected on how advance payment and verification will operate across different airports.

EU sets course for digital euro adoption

The Council of the European Union has agreed on its negotiating position on legislation enabling a digital euro while reinforcing the legal status of euro cash.

The initiative aims to strengthen the resilience of the EU payments system and support strategic autonomy by ensuring public money remains central in a rapidly digitising economy.

Under the proposal, the digital euro would complement cash, rather than replace it, offering a public payment option backed by the European Central Bank. It would function both online and offline, allow payments with a high degree of privacy, and operate in conjunction with private cards and applications.

Limits on holdings would apply to reduce risks to financial stability, with core services provided free to consumers.

The Council position also clarifies compensation rules for payment service providers and requires fair access to mobile device hardware and software. Interchange and merchant fees would be capped during a transitional period, with future pricing linked to actual operational costs.

At the same time, the Council has moved to strengthen the role of cash by safeguarding acceptance across the euro area and guaranteeing access for citizens.

Member states would be required to monitor cash availability and prepare contingency measures for situations where electronic payments are disrupted.
