First reading of, and negotiations on, the draft final report
cybersecurity
Opening of the session
Opening statements
– Under-Secretary-General and High Representative for Disarmament Affairs, Izumi Nakamitsu (pre-recorded)
– Chair of the open-ended working group on security of and in the use of information and communications technologies 2021-2025, Burhan Gafoor
Agenda item 3: organization of work
Agenda item 5: discussions on substantive issues contained in
paragraph 1 of General Assembly resolution 75/240
Chair’s presentation of the draft final report
Irish businesses face cybersecurity reality check
Most Irish businesses believe they are well protected from cyberattacks, yet many neglect essential defences. Research from Gallagher shows most firms do not update software regularly or back up data as needed.
The survey of 300 companies found almost two-thirds of Irish firms feel very secure, with another 28 percent feeling quite safe. Despite this, nearly six in ten fail to apply software updates, leaving systems vulnerable to attacks.
Cybersecurity training is provided by just four in ten Irish organisations, even though it is one of the most effective safeguards. Gallagher warns that overconfidence may lead to complacency, putting businesses at risk of disruption and financial loss.
Laura Vickers of Gallagher stressed the importance of basic measures like updates and data backups to prevent serious breaches. With four in ten Irish companies suffering attacks in the past five years, firms are urged to match confidence with action.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
New SparkKitty malware targets crypto wallets
A new Trojan dubbed SparkKitty is stealing sensitive data from mobile phones, potentially giving hackers access to cryptocurrency wallets.
Cybersecurity firm Kaspersky says the malware hides in fake crypto apps, gambling platforms, and TikTok clones, spread through deceptive installs.
Once installed, SparkKitty accesses photo galleries and uploads images to a remote server, likely searching for screenshots of wallet seed phrases. Though mainly active in China and Southeast Asia, experts warn it could spread globally.
SparkKitty appears linked to the SparkCat spyware campaign, which also targeted seed phrase images.
The malware is found on iOS and Android platforms, joining other crypto-focused threats like Noodlophile and LummaC2.
TRM Labs recently reported that nearly 70% of last year’s $2.2 billion in stolen crypto came from infrastructure attacks involving seed phrase theft.
AI data risks prompt new global cybersecurity guidance
A coalition of cybersecurity agencies, including the NSA, FBI, and CISA, has issued joint guidance to help organisations protect AI systems from emerging data security threats. The guidance explains how AI systems can be compromised by data supply chain flaws, poisoning, and drift.
Organisations are urged to adopt security measures throughout all four phases of the AI life cycle: planning, data collection, model building, and operational monitoring.
The recommendations include verifying third-party datasets, using secure ingestion protocols, and regularly auditing AI system behaviour. Particular emphasis is placed on preventing model poisoning and tracking data lineage to ensure integrity.
The guidance encourages firms to update their incident response plans to address AI-specific risks, conduct audits of ongoing projects, and establish cross-functional teams involving legal, cybersecurity, and data science experts.
With AI models increasingly central to critical infrastructure, treating data security as a core governance issue is essential.
NATO summit overshadowed by cyber threats
NATO’s 76th summit opened in The Hague amid rising tensions in Europe and the Middle East, overshadowed by conflict and cyber threats. Leaders gathered as Russia’s war in Ukraine dragged on, and Israel’s strikes on Iran further strained global stability.
European NATO members pledged greater defence spending, but divisions with the US over security commitments and strategy persisted. The summit also highlighted concerns about hybrid threats, with cyberespionage and sabotage by Russia-linked groups remaining a pressing issue.
According to European intelligence agencies, Russian cyber operations targeting critical infrastructure and government networks have intensified. NATO leaders face pressure to enhance collective cyber deterrence, with pro-Russian hacktivists expected to exploit summit declarations in future campaigns.
While Europe pushes to reduce reliance on the US security umbrella, uncertainty over Washington’s focus and support continues. Many fear the summit may end without concrete decisions as the alliance grapples with external threats and internal discord.
NCSC issues new guidance for EU cybersecurity rules
The National Cyber Security Centre (NCSC) has published new guidance to assist organisations in meeting the upcoming EU Network and Information Security Directive (NIS2) requirements.
Ireland missed the October 2024 deadline but is expected to adopt the directive soon.
NIS2 broadens the scope of covered sectors and introduces stricter cybersecurity obligations, including heavier fines and legal consequences for non-compliance. The directive aims to improve security across supply chains in both the public and private sectors.
To help businesses comply, the NCSC unveiled Risk Management Measures. It also launched Cyber Fundamentals, a practical framework designed for organisations of varying sizes and risk levels.
Joseph Stephens, NCSC’s Director of Resilience, noted the challenge of broad application and praised cooperation with Belgium and Romania on a solution for the EU.
M&S and Co‑op hit by Scattered Spider attack
High street giants M&S and Co‑op remain under siege after the Scattered Spider gang’s sophisticated cyber‑attack this April. The breaches disrupted online services and automated systems, leading to suspended orders, empty shelves and significant reputational damage.
Authorities have classified the incident as category‑2, with initial estimates suggesting losses between £270 million and £440 million. M&S expects a £300 million hit to its annual profit, with daily online sales down by up to £4 million during the outage.
In a rare display of unity, Tesco’s Booker arm stepped in to supply M&S and some independent Co‑op stores, helping to ease stock shortages. Meanwhile, cyber insurers have signalled increasing premiums, with the cost of cover for retail firms rising by up to 10 percent.
The National Cyber Security Centre and government ministers have issued urgent calls for the sector to strengthen defences, citing such high‑impact incidents as a vital wake‑up call for business readiness.
EU and Australia to begin negotiations on security and defence partnership
Brussels and Canberra are to begin negotiations on a Security and Defence Partnership (SDP). The announcement follows a meeting between European Commission President Ursula von der Leyen, European Council President António Costa, and Australian Prime Minister Anthony Albanese.
The proposed SDP aims to establish a formal framework for cooperation in a range of security-related areas.
These include defence industry collaboration, counter-terrorism and cyber threats, maritime security, non-proliferation and disarmament, space security, economic security, and responses to hybrid threats.
SDPs are non-binding agreements facilitating enhanced political and operational cooperation between the EU and external partners. They do not include provisions for military deployment.
The European Union maintains SDPs with seven other countries: Albania, Japan, Moldova, North Macedonia, Norway, South Korea, and the United Kingdom. The forthcoming negotiations with Australia would expand this network, potentially increasing coordination on global and regional security issues.
Tether CEO unveils offline password manager
Paolo Ardoino, CEO of Tether, has introduced PearPass, an open-source, offline password manager. The launch comes in response to the most significant credential breach on record, which exposed 16 billion passwords.
Ardoino criticised cloud storage, stating the time has come to abandon reliance on it for security.
The leaked data reportedly covers login details from major platforms like Apple, Meta, and Google, leaving billions vulnerable to identity theft and fraud. Experts have not yet identified the perpetrators but point to systemic flaws in cloud-based data protection.
PearPass is designed to operate entirely offline, storing credentials only on users’ devices without syncing to the internet or central servers. It aims to reduce the risks of mass hacking attempts targeting large cloud vaults.
The tool’s open-source nature allows transparency and encourages the adoption of safer, decentralised security methods.
As investigations proceed, PearPass’s launch renews the debate on personal data ownership and may set a new standard for password security.