CTM360, a Bahrain-based cybersecurity platform, has partnered with the ISACA Singapore Chapter to enhance Singapore’s cybersecurity landscape. By signing a Memorandum of Understanding (MoU) during the first members’ event of 2025, this collaboration aims to elevate cybersecurity through capacity development, professional development, and fostering a culture of knowledge exchange.
The partnership focuses on hosting joint events, training programs, and workshops designed to advance cybersecurity expertise, support certification advancements, and develop innovative strategies to address evolving cyber threats. By combining their expertise, both organisations are working to enhance cybersecurity ecosystem in Singapore and equip professionals with the tools required to tackle modern challenges, ensuring cybersecurity remains a priority across industries.
The collaboration reflects a shared commitment to creating meaningful opportunities for professional growth and strengthening the cybersecurity community. It underscores the importance of equipping professionals with the necessary knowledge and tools to thrive in a rapidly evolving digital landscape.
The partnership also aims to drive impactful initiatives, promoting a safer and more resilient digital environment through collective responsibility and a focus on addressing current and future cyber threats.
Thailand is strengthening its digital partnerships with Japan and Vietnam to drive innovation, enhance connectivity, and position itself as a Southeast Asia digital economy leader. These collaborations focus on emerging technologies such as 5G, AI, 3D printing, and cybersecurity and foster innovation through startup promotion in gaming, entertainment, and other sectors.
Both partnerships prioritise developing digital skills to build a proficient workforce and improve regional connectivity, including submarine cable networks. Thailand has invited Japan to invest in the ‘Thailand Digital Valley’ project, which aims to make Chonburi Province a hub for digital innovation.
Furthermore, Thailand and Vietnam are advancing cooperation through a new Memorandum of Understanding (MoU), while Japan continues its collaboration under the 2022 Memorandum of Understanding (MoC). These agreements provide a structured framework for initiatives in digital transformation, regulatory development, cybersecurity, and regional infrastructure.
Through these efforts, Thailand aims to establish itself as a regional hub for digital technology, promoting sustainable growth and innovation across ASEAN. By leveraging these strategic partnerships, Thailand is building a connected and digitally advanced society, reflecting its commitment to becoming a key player in shaping the region’s digital future.
Progress on the EU Cybersecurity Certification Scheme (EUCS), stuck in a deadlock since 2019, remains uncertain as discussions are unlikely to advance in the first half of 2025. Despite efforts by Poland, which is leading the EU ministerial meetings until July, disagreements over sovereignty requirements continue to stall the process. The EUCS aims to help companies demonstrate that their ICT solutions meet cybersecurity standards for the EU market but has faced resistance, particularly from France, which wants to preserve its certification system, SecNum Cloud.
The European Cybersecurity Certification Group (ECCG) from ENISA has yet to provide an opinion on the scheme, with its next meeting possibly taking place in February. Poland plans to prioritise cybersecurity during its presidency, hosting key events like an informal telecom minister meeting in March and a conference on ENISA standardisation, though industry groups remain sceptical about a breakthrough.
Lobbyists, including the global software industry group BSA, have criticised the delays. They argue that cybersecurity standards should focus on technical protections rather than political considerations and have urged the Commission to adopt the scheme quickly to strengthen Europe’s cybersecurity resilience.
Further complicating matters, the EU Cybersecurity Act (CSA), which underpins ENISA’s authority to create certification schemes, is under evaluation but has not yet been revised. Of the three certification schemes proposed since 2019, only one has been adopted, with another for 5G still in progress. New EU Commissioner Henna Virkkunen has pledged to improve the adoption process for cybersecurity certification schemes as part of her mission to bolster Europe’s technological sovereignty and security.
Unacast has informed Norwegian authorities of a data breach involving its subsidiary Gravy Analytics. The announcement was revealed in a notice published by Norwegian broadcaster NRK.
The breach involved a compromised web server using a misappropriated key, with some stolen files potentially containing personal data. Unacast’s legal representatives, BakerHostetler, confirmed the breach was discovered on 4 January, though the exact timing remains under investigation.
Repeated attempts to reach Unacast and its legal team for comment have gone unanswered. Norway’s data protection authority also could not be reached for further statements after business hours on Friday.
Education technology provider PowerSchool has suffered a major data breach, exposing the personal information of millions of students and teachers. Hackers gained access to its systems by exploiting stolen credentials, using a tool within the company’s PowerSource support portal to export sensitive data.
The stolen records include names, addresses, and potentially more sensitive details such as Social Security numbers and medical information in the US and Canada. PowerSchool, which manages academic records for over 60 million K-12 students, assured customers that not all users were affected. However, the breach has left schools scrambling to assess the damage.
PowerSchool insists the hack wasn’t due to a flaw in its software but was a result of unauthorised access using legitimate credentials. The company has engaged cybersecurity experts to investigate and taken steps to improve security, including deactivating compromised accounts and strengthening password controls.
Critics argue that PowerSchool was slow to inform customers, potentially putting students, parents, and educators at greater risk of identity theft. While PowerSchool is offering affected users credit monitoring and identity protection services, the incident has sparked calls for stricter regulations on data security in the education sector.
President Joe Biden is preparing to introduce a new executive order aimed at strengthening cybersecurity standards for federal agencies and contractors. The proposed measures address growing threats from Chinese-linked cyber operations and criminal cyberattacks, which have targeted critical infrastructure, government emails, and major telecom firms. Under the draft order, contractors must adhere to stricter secure software development practices and provide documentation to be verified by the Cybersecurity and Infrastructure Security Agency (CISA).
The order highlights vulnerabilities exposed by recent cyber incidents, including the May 2023 breach of US government email accounts, attributed to Chinese hackers. New guidelines will also focus on securing access tokens and cryptographic keys, which were exploited during the attack. Contractors whose security practices fail to meet standards may face legal consequences, with referrals to the attorney general for further action.
While experts like Tom Kellermann of Contrast Security support the initiative, some criticise the timeline as insufficient given the immediate threats posed by adversaries like China and Russia. Brandon Wales of SentinelOne views the order as a continuation of efforts across the past two administrations, emphasising the need to enhance existing cybersecurity frameworks while addressing a broad range of threats.
The order underscores Biden’s commitment to cybersecurity as a pressing national security issue. It comes amid escalating concerns about foreign cyber operations and aims to solidify protections for critical US systems before the transition to new leadership.
Business email compromise (BEC) scams are on the rise, targeting companies through highly deceptive tactics. These scams involve cybercriminals hacking into legitimate email accounts and tricking victims into transferring large sums of money. Recently, a small business narrowly avoided a major financial loss when a scammer posed as its owner, sending fraudulent wiring instructions to the company’s bank. Quick action by the business owner and a vigilant banker prevented the funds from being transferred.
Experts warn that BEC scams rely less on technical vulnerabilities and more on exploiting trust between businesses and their partners. Hackers often gain access through phishing attacks, installing malicious software, or guessing weak passwords. Once inside an email account, they may create hidden rules to intercept or forward messages, concealing their activities until it’s too late.
To counter these threats, cybersecurity professionals recommend measures such as enabling two-factor authentication, regularly updating passwords, and monitoring email account activity for unusual changes. Businesses are also advised to verify financial transactions using secondary methods, such as phone calls, to confirm the legitimacy of requests.
With global losses from BEC scams amounting to billions, the stakes are high. By taking proactive steps to enhance security, businesses can protect themselves from falling victim to these sophisticated schemes.
Dragos and Singapore’s Digital and Intelligence Service (DIS) are collaborating to enhance cybersecurity capabilities through a strategic partnership focusing on planning, training, and exchanging information about cyber threats. The agreement, announced during the Critical Infrastructure Defence Exercise (CIDeX) 2024, aims to fortify the defence of Singapore’s critical infrastructure and increase its resilience to cyber attacks.
The partnership builds on Dragos’s long-standing collaboration with Singapore, including a previous agreement in August 2023 with the Cyber Security Agency (CSA) to improve operational technology (OT) cybersecurity. DIS emphasised the importance of expanding cybersecurity partnerships across sectors, while Dragos commended Singapore’s proactive approach to cybersecurity as an example for other nations to follow.
That partnership underscores the shared commitment of both parties to secure critical infrastructure amid an evolving cyber threat landscape. By leveraging their expertise, Dragos and DIS aim to provide Singapore with the necessary tools and knowledge to navigate emerging challenges, ensuring the protection of its infrastructure and citizens.
Hong Kong is advancing its digital economy and smart city initiatives, striving to become a global leader in digital transformation. To support this vision, the Hong Kong Institute of Information Technology (HKIIT) and the Office of the Government Chief Information Officer (OGCIO) have partnered to enhance digital literacy, strengthen cybersecurity, and promote digital transformation in public and government sectors.
The collaboration focuses on specialised training programs covering emerging technologies, cybersecurity, and data analytics to equip public sector employees and industry professionals with critical skills. Practical exercises like real-world cybersecurity simulations aim to improve awareness and resilience against cyber threats. Additionally, data literacy training is prioritised to help public employees utilise data for decision-making and service improvement, aligning with Hong Kong’s goals of innovation and efficiency.
Beyond training, community events like competitions and seminars promote digital awareness, fostering a culture of innovation and collaboration. The initiative builds on prior efforts, such as the ‘Cyber Security Drill 2024’ and certification programs, while future plans aim to expand its reach across more government departments and organisations.
The Vocational Training Council (VTC), Hong Kong’s largest provider of vocational and professional education, plays a key role in these efforts by supporting the city’s innovation agenda and equipping individuals with the skills needed to succeed in a rapidly evolving digital landscape. Through partnerships like the one with OGCIO, VTC institutions such as HKIIT contribute to strengthening the city’s workforce and ensuring its readiness for the challenges of digital transformation.
The White House unveiled a new label, the Cyber Trust Mark, for internet-connected devices like smart thermostats, baby monitors, and app-controlled lights. This new shield logo aims to help consumers evaluate the cybersecurity of these products, similar to how Energy Star labels indicate energy efficiency in appliances. Devices that display the Cyber Trust Mark will have met cybersecurity standards set by the US National Institute of Standards and Technology (NIST).
As more household items, from fitness trackers to smart ovens, become internet-connected, they offer convenience but also present new digital security risks. Anne Neuberger, US Deputy National Security Advisor for Cyber, explained that each connected device could potentially be targeted by cyber attackers. While the label is voluntary, officials hope consumers will prioritise security and demand the Cyber Trust Mark when making purchases.
The initiative will begin with consumer devices like cameras, with plans to expand to routers and smart meters. Products bearing the Cyber Trust Mark are expected to appear on store shelves later this year. Additionally, the Biden administration plans to issue an executive order by the end of the president’s term, requiring the US government to only purchase products with the label starting in 2027. The program has garnered bipartisan support, officials said.
