Digital technology experts highlighted the need for collaboration and partnerships among African nations to tackle shared cybersecurity threats effectively. By emphasising a unified approach, participants recognised that regional cooperation is essential in addressing the complexities of cyber risks that impact businesses and governments.
Public-private partnerships were also advocated, as collaboration between the private sector and governmental agencies can foster the development of effective cybersecurity solutions, creating a safer business environment and promoting resilience against cyber threats. Additionally, they underscored the importance of identifying and valuing critical infrastructure, which is vital for informing robust security strategies. Sharing best practices among African countries can enhance defences without reinventing solutions, creating a collective strength across the continent.
Specifically, the call for harmonised cybersecurity laws across Africa aims to create consistent regulations that address capacity gaps and enhance digital security. Additionally, capacity-building initiatives are essential for equipping individuals and organisations to tackle evolving cyber challenges.
Moreover, they emphasised the need for effective incident response frameworks, as these strategies are crucial for minimising the impact of cyber incidents on businesses and governments. Ultimately, this proactive approach boosts resilience and fosters trust in the digital ecosystem, enabling Africa to navigate the complexities of the digital age confidently.
Many EU member states are set to miss the October 17 deadline to implement the Network and Information Security Directive (NIS 2), aimed at enhancing cybersecurity for critical sectors. Only Belgium, Croatia, Italy, and Lithuania have made partial progress, while others like Germany and the Netherlands have pending legislation, and countries such as Ireland and Spain lag further behind. The directive, approved in 2022, expands protections for sectors like energy, transport, banking, and water, and replaces the previous NIS1 directive, which failed to boost cyber resilience.
Businesses are concerned about the fragmented implementation and compliance challenges, particularly for companies operating across multiple markets. The European Federation of National Associations of Water Services (EurEau) warned that delays create uncertainty for water operators, who may need financial support to meet cybersecurity requirements. Similarly, the software lobby group BSA criticised the lack of guidance on incident reporting, a key aspect of NIS 2.
The European DIGITAL SME Alliance expressed worries for small and medium enterprises that might be impacted if they are part of larger companies’ supply chains under NIS 2. The directive mandates penalties for non-compliance, including fines of up to €10 million or 2% of global revenue, and holds senior management accountable for security breaches, signaling a shift in responsibility beyond IT departments.
Orro is enhancing its operational technology (OT) capabilities with the launch of its new division, Orro Critical Infrastructure, aimed at serving Australia and New Zealand. That initiative represents a significant advancement in Orro’s commitment to providing innovative solutions tailored to meet the growing demands of the industrial sector.
The division will offer a comprehensive suite of specialised services, including network infrastructure, cybersecurity, distributed cloud systems, and private LTE wireless networks. A key component of this initiative is establishing a new Security Operations Centre (SOC) designed explicitly for OT customers, providing real-time protection against potential cyberattacks and ensuring robust cybersecurity measures.
Additionally, Orro will focus on operational excellence by integrating best practices from IT and OT disciplines to effectively manage the complexities of OT production environments. The company will assess and stabilise existing critical infrastructure assets, working closely with industry regulators and clients to implement key transformations.
These expanded capabilities are expected to benefit customers across various sectors, including energy, transport and logistics, healthcare, retail, and state government entities, fostering innovation and resilience in critical infrastructure management.
The UK government prioritises adopting innovative technologies through its draft industrial strategy, ‘Invest 2035.’ The comprehensive plan aims to accelerate the integration and scaling of new technologies across eight key growth sectors, including cybersecurity solutions and ensuring that all emerging technologies are secure by design.
To support this technological advancement, the strategy focuses on strengthening cyber resilience by enhancing supply chain resilience to mitigate vulnerabilities that could impede long-term growth. Implementing strengthened cyber resilience measures is essential for safeguarding growth-driving sectors against potential digital threats, thereby reinforcing the overall security of the economy.
Additionally, a crucial element of the strategy is the investment in skills and workforce development, as the UK government acknowledges the need to prepare the workforce for future challenges through substantial investments in skills and training. Promoting cybersecurity education is vital, empowering individuals and organisations to protect themselves better and leverage technological advancements.
Furthermore, the draft strategy emphasises public consultation and stakeholder engagement, inviting input from businesses, experts, unions, and other stakeholders to refine the plan before its final publication in spring 2025. The government also highlights the importance of collaboration between itself and the cyber industry, as these partnerships are essential for addressing existing challenges, such as the skills gap and outdated cyber laws. Ultimately, this strategy aims to support the growth of a secure and resilient economy, fostering an environment where organisations can thrive safely in an increasingly digital world.
Ghana has launched its revised National Cybersecurity Policy and Strategy (NCPS) to tackle the escalating cybersecurity threats arising from its rapid digital transformation. The comprehensive framework is designed to address current cyber risks and anticipate emerging ones, ensuring that Ghana’s digital infrastructure remains resilient and secure over the next five years.
The initiative was officially unveiled during the opening ceremony of the 2024 National Cybersecurity Awareness Month (NCSAM) in Accra, which, notably, saw significant participation from high-ranking officials, including the leadership of the Ghana Armed Forces and key stakeholders in cybersecurity. Moreover, the policy is anchored on five essential pillars – Legal Measures, Technical Measures, Organisational Measures, Capacity Building, and Cooperation.
Why does it matter?
The NCPS addresses the rapid digitalisation occurring across critical sectors such as finance, healthcare, education, and commerce at a pivotal moment for the nation. While these advancements offer substantial socioeconomic benefits, they also expose the nation to significant cyber risks that could jeopardise economic stability and public safety.
Therefore, by implementing the NCPS, Ghana aims to strengthen its defences against these threats, protect its digital achievements and ensure sustainable technological progress. Furthermore, Minister Ursula Owusu-Ekuful emphasised that the policy serves as a vital roadmap for addressing current and future cyber threats. In addition, that underscores the importance of enhancing public-private collaboration to bolster the country’s overall digital resilience.
Leonardo, the defence company from Italy, is actively pursuing acquisitions in the cybersecurity sector, targeting a dozen companies both domestically and abroad. CEO Roberto Cingolani mentioned that some deals could be finalised by the end of the year. The company has been working on these acquisition processes for the past several months.
No acquisition will exceed 15% of the cyber division’s turnover, following guidelines set in Leonardo’s strategic plan. The company is prioritising cyber security as a key growth area, expecting strong double-digit expansion in this field in the coming years.
Leonardo aims to establish itself as a significant player in Europe’s cyber security market. Cingolani highlighted that the sector is at the heart of the group’s strategic development, especially as digitalisation continues to offer new opportunities.
The company’s 2024-2028 industrial plan outlines its commitment to strengthening its core businesses while also focusing on cybersecurity. Over the next five years, Leonardo forecasts a 16% rise in orders and a 13% growth in revenue in this area.
India’s Financial Intelligence Unit is investigating the Indian cryptocurrency exchange WazirX following a significant cyberattack that resulted in the theft of $235 million. The exchange is cooperating with government agencies and has provided authorities with extensive server logs and transaction data related to the incident, which occurred in July. Although no physical assets have been seized, WazirX is actively engaging with regulatory bodies to understand the broader implications of the hack on the unregulated crypto sector.
In a bid to enhance transparency, WazirX plans to publicly disclose wallet addresses through court affidavits and has committed to addressing user concerns. The exchange aims to establish a 10-member committee of creditors by 9 October to assist in its restructuring efforts, to return 52-55% of the remaining crypto assets to affected clients within six months.
Additionally, WazirX’s parent company, Zettai, is in discussions with 11 potential partners to explore capital injections and profit-sharing strategies that could aid in user recoveries. Following the hack, WazirX has sought a Scheme of Arrangement in Singapore under local insolvency laws. An independent audit revealed no evidence of wrongdoing by its custodian partner, Liminal Custody.
The US Department of Homeland Security (DHS) and the Polish Ministry of Digital Affairs (MDA) have signed a Memorandum of Understanding (MOU) to bolster their collaboration in cybersecurity and emerging technology. This MOU strengthens the longstanding partnership between the United States and Poland, providing a structured framework for coordinated efforts in addressing global security challenges, including cyber threats and responsible technology development.
By focusing on key areas such as cyber policy, Secure by Design practices, information sharing, incident response, human capital development, and the safe deployment of AI and the Internet of Things (IoT), both nations demonstrate a shared commitment to transatlantic security. The timing of this MOU, which coincides with the Fourth Counter Ransomware Initiative Summit, reflects a united stance against the growing ransomware threat, as nearly 70 countries gathered to reinforce global resilience against cybercrime.
Various agencies will spearhead the implementation of the MOU as part of the agreement. In the United States, DHS entities like the Cybersecurity and Infrastructure Security Agency (CISA), the Office of Strategy, Policy, and Plans, and the Science and Technology Directorate will drive projects that enhance cybersecurity and support critical infrastructure. On the Polish side, the National Research Institute (NASK) will be instrumental in coordinating these efforts, positioning Poland for its upcoming EU Council presidency in 2025, where it aims to strengthen US-EU relations and prioritise European information security.
Why does it matter?
Together, these agencies will focus on collaborative initiatives that ensure safe technology practices, build critical skills, and enable a proactive response to digital threats, securing a stronger digital future for both nations.
Concerns are rising ahead of the US presidential election, with the latest intelligence suggesting interference from foreign nations like Russia, Iran, and China. The annual threat assessment released by the Department of Homeland Security highlights the use of AI by these countries to spread misinformation and create fake websites.
Russian actors have focused on amplifying divisive narratives, particularly around immigration. Iran has adopted a more aggressive approach, posing as activists online to encourage protests related to the conflict in Gaza. China is also seen as a potential player in efforts to undermine confidence in US democratic institutions.
The upcoming election, expected to be highly contested between Kamala Harris and Donald Trump, presents further opportunities for foreign interference. Tensions within the US could be exacerbated by these external efforts, along with potential threats from domestic extremists.
Domestic violent extremism also remains a serious concern. The report warns of the risk posed by lone actors or small cells driven by grievances related to race, religion, or anti-government views. These groups may attempt violent actions to instill fear or disrupt the electoral process.
The Indian government has recently redefined the roles of key ministries concerning telecom network security, cybersecurity, and cybercrime through amendments to the business allocation rules. As a result, this strategic reorganisation ensures that each ministry is assigned clear responsibilities, streamlining efforts to manage these vital areas more effectively.
The roles have been precisely delineated to enhance governance. Specifically, the Ministry of Communications is responsible for telecom security under the Telecommunication Act of 2023, which enables authorities to access traffic data, including from OTT services like WhatsApp. Meanwhile, cybersecurity falls under the Ministry of Electronics and Information Technology (MeitY), as outlined in the IT Act of 2000, with strategic guidance provided by the National Security Council Secretariat.
Furthermore, the Ministry of Home Affairs (MHA) oversees cybercrime, working closely with the Department of Telecommunications to address fraud and utilising tools such as Pratibimb to track mobile numbers involved in cybercriminal activities.
There is an ongoing debate on regulating OTT communication services. While telecom companies continue to push to regulate these services under the Telecom Act, the government in India has reiterated that OTT services like WhatsApp and Telegram fall under the Information Technology Act. This differentiation reflects the broader scope of the IT Act in handling digital communication services, even as pressure mounts for more stringent telecom-specific regulations.
