British company Capita expects £15-20 million impact after cyberattack on its systems

Capita, a British outsourcing company, has issued a warning that it expects to incur a financial impact of £15 million to £20 million following a cyberattack on its systems earlier this year.

The company, known for providing business support services to both government entities and private companies, stated that the cyber incident had resulted in the compromise of data from less than 0.1% of its server estate. Capita assured that it is taking necessary measures to recover and secure its systems. It emphasised its close collaboration with regulatory authorities, customers, suppliers, and employees to address the incident, notify affected parties, and implement any remaining essential steps.

Western Digital, a technology company, confirms that hackers stole customer data

Western Digital, a technology company, has notified its customers after the March 2023 data breach and confirmed that the customer data was stolen.

In a press release, the company mentioned it worked with external forensic experts and determined that the hackers obtained a copy of a database which contained limited personal information of online store customers. The exact number of affected customers has not been disclosed. The company has notified affected customers and advised them to remain vigilant against potential phishing attempts.

The March data breach had previously been reported in early April when the company disclosed it has suffered a cyberattack. TechCrunch reported that an ‘unnamed’ hacking group breached Western Digital, claiming to have stolen ten terabytes of data.

The hackers subsequently published some of the stolen data and threatened to release more if their demands were not met. Western Digital has restored the majority of its impacted systems and services and continues to investigate the incident.

World Economic Forum issues ‘State of the Connected World 2023’ report

The World Economic Forum and the Council on the Connected World published the State of the Connected World 2023 report exploring governance gaps related to the internet of things (IoT). The report outlines the findings of a survey conducted with 271 experts worldwide to understand the state of IoT affairs. The COVID-19 pandemic has increased IoT demand in health, manufacturing, and consumer IoT. However, there is a lack of confidence when it comes to matters such as privacy and security.

Two main governance gaps are identified: (1) a lack of governmental regulation and implementation of industry standards and (2) IoT users are more susceptible to cyber threats and cyberattacks.

One recommendation is for businesses and governments to develop and implement practices to improve privacy and security and create a more inclusive and accessible IoT ecosystem. The need to improve equal access to technology and its benefits is also underscored.

IBM announces new agreement with Australia to support the country’s digital transformation

IBM Australia has announced the signing of the next iteration of the Whole-of-Government Arrangement with Australia’s Digital Transformation Agency (DTA). Under this arrangement, IBM will support the Australian government in its move towards accelerated adoption of innovative technologies.

The new cooperation will focus on:

  • protecting government data in the cloud;
  • strengthening the government’s cybersecurity capabilities;
  • exploring how quantum technology could help improve services for Australians;
  • adopting and measuring more sustainable practices across government agencies;
  • growing the digital skills capabilities of Australian public servants. 

Microsoft’s Cyber Signals report highlights a rise in cyber risks to critical infrastructure

The third edition of Cyber Signals, a yearly report which highlights security trends and insights from Microsoft’s 8,500 security experts and 43 trillion daily security signals, was recently launched. In this edition, experts present new information on broader threats to critical infrastructure posed by converging information technologies, the Internet of Things (IoT), and operational technology (OT) systems. 

Some of the report’s highlights include:

  • Unpatched, high-security vulnerabilities identified in 75% of the most common industrial controllers in customer OT networks.
  • Over one million connected devices publicly visible on the internet running Boa, an outdated and unsupported software widely used in IoT devices and software development kits.
  • An 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.

US National Institute of Standards and Technology issues draft guide for trusted IoT onboarding and lifecycle management

The US National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) published a draft practice guide for trusted internet of things (IoT) onboarding and lifecycle management. This guide demonstrates how organisations can protect their IoT devices and networks. It details standards, practices, and technology to demonstrate mechanisms for trusted network-layer onboarding of IoT devices. The guide also shows how to provide network credentials to IoT devices in a trusted manner and maintain a secure posture throughout the device lifecycle.

EU-US Trade and Technology Council holds third ministerial meeting

The third ministerial meeting of the EU-US Trade and Technology Council (TTC) was held on 5 December 2022 in Washington, DC, USA. During the meeting, the two parties:

  • Reiterated the importance of cooperating on trust and security in the ICT ecosystem and noted that the TTC Working Group on ICTS security and competitiveness plans to discuss transatlantic subsea cables’ connectivity and security, including alternative routes, such as the transatlantic route to connect Europe, North America and Asia.
  • Reiterated their commitment to developing and implementing trustworthy artificial intelligence (AI), building on the Joint Roadmap on Evaluation and Measurement Tools for Trustworthy AI and Risk Management.
  • Announced plans to launch a pilot project to assess the use of privacy-enhancing technologies and synthetic data in health and medicine.
  • Announced plans to establish an expert task force to strengthen research and development cooperation on quantum information science, develop common frameworks for assessing technology readiness, discuss intellectual property, and export control-related issues as appropriate, and work together to advance international standards.
  • Announced progress on increasing standards cooperation, for instance through the Strategic Standards Information mechanism meant to enable the EU and the USA to share information about international standardisation activities and react to common strategic issues.
  • Announced that the US Department of Commerce and the European Commission are entering into an administrative arrangement to implement an early warning mechanism to address and mitigate semiconductor supply chain disruptions in a cooperative way.
  • Stressed the importance of eliminating the use of arbitrary and unlawful surveillance to target human rights defenders, and expressed concerns over government-imposed internet shutdowns.
  • Announced plans to enhance transatlantic trade, for instance through developing joint best practices for the use of digital tools to simplify or reduce the cost of commercial actors’ interactions with the governments in relation to trade-related policy, legal requirements, or regulatory requirements.
  • Announced the launch of a Talent for Growth Task Force to facilitate exchanges of experiences on training and capacity building and serve as a catalyst for innovative skills policies.

These and other commitments and initiatives are outlined in the joint statement issued at the end of the meeting.

Karspersky publishes its advanced threat predictions for 2023

Kaspersky Security, a major security firm, has recently published its advanced threat predictions for 2023, identifying email servers and satellites as major cyberattack targets in the year 2023. The report states that 2023 will be characterised by destructive ‘cyberattacks of unprecedented gravity’ against governments, key industry providers, and high-profile civilian infrastructures. Another point of concern is the safety of underwater cables and fiber distribution hubs against physical attacks.