cybersecurity

Kenya partners with Google to drive digital transformation and economic growth

Kenya partners with Google to enhance its digital infrastructure and empower its citizens in the evolving digital economy. The collaboration aims to create a robust digital ecosystem that meets current technological needs while anticipating future demands.

Kenya seeks to empower decision-makers with real-time insights by utilising AI and data-driven technologies, enhancing operational efficiency and facilitating effective governance. A key focus of the partnership is revitalising the tourism sector through Google’s technology, attracting more international visitors and showcasing the country’s unique landscapes, wildlife, and cultural heritage.

Additionally, prioritising cybersecurity measures is critical to building trust among citizens and ensuring a secure digital environment. The initiative will also promote skills training to equip Kenyans with essential digital competencies, fostering innovation and creativity while contributing to the overall growth of the nation’s economy.

Through this partnership, Kenya addresses immediate technological needs and lays a foundation for sustainable development in the digital space. By enhancing digital literacy and integrating advanced technologies, the collaboration positions Kenya as a leader in the region’s technological landscape.

Why does it matter?

The comprehensive approach ensures that as the digital economy expands, citizens are well-prepared to navigate the challenges and opportunities that arise, ultimately driving growth and resilience in the face of rapid technological advancements.

Hong Kong restricts apps like WhatsApp and WeChat for civil servants

The Hong Kong government has banned most civil servants from using widely used apps, including WhatsApp, WeChat, and Google Drive, on work computers to reduce security risks. The Digital Policy Office’s updated IT security guidelines allow government workers to access these services on personal devices at work, and managers can grant exceptions to the ban if required.

Experts in cybersecurity agree with the policy, pointing to similar restrictions in other governments, including the United States and China, amid increasing concerns over data leaks and hacking threats. Sun Dong, Secretary for Innovation, Technology and Industry, noted that stricter controls were essential given the growing complexity of cybersecurity challenges.

The ban is intended to minimise potential breaches by preventing malware from bypassing security measures through encrypted messages, according to Francis Fong, the honorary president of the Hong Kong Information Technology Federation. Anthony Lai, director of VX Research Limited, called the decision prudent, citing low cybersecurity awareness among some staff and limited monitoring of internal systems.

Data breaches have previously compromised tens of thousands of Hong Kong citizens’ personal information, raising public concern about government cybersecurity protocols. The updated guidelines aim to address these vulnerabilities while increasing overall data security.

Moro Hub and UAE Space Agency partner for digital transformation

Moro Hub and the UAE Space Agency have signed a Memorandum of Understanding (MoU) to establish a strategic partnership to enhance digital transformation within the space sector. The collaboration seeks to leverage Moro Hub’s advanced digital solutions to support the operational goals of the UAE Space Agency.

The key objectives of the MoU include improving operational efficiency through cloud services and cybersecurity, enhancing customer engagement with innovative digital platforms, and creating a competitive advantage that positions the UAE Space Agency as a leader in both the regional and global space sectors. That partnership marks a milestone in the technological evolution of the UAE Space Agency, as it aims to accelerate digital capabilities essential for successful space missions and aligns with the broader vision of the UAE government to reinforce innovation across various sectors.

The enthusiasm surrounding this collaboration highlights its potential to reshape operations and drive advancements, ultimately contributing to the UAE’s ambition to explore new frontiers in space and technology.

Vodafone pushes for cybersecurity reforms in Greece

Vodafone Greece, in collaboration with the Hellenic Foundation for European and Foreign Policy (ELIAMEP), presented a set of proposed cybersecurity policies to Michalis Bletsas, Governor of the National Cybersecurity Authority. The initiative stems from public opinion surveys conducted by Metron Analysis on the views of Greek citizens and businesses on digital security, and a roundtable discussion at the Delphi Economic Forum’s Center for Cybersecurity.

The project identifies key issues in Greece’s cybersecurity landscape, such as fragmented policies, weak public-private sector collaboration, and a lack of a cybersecurity culture among workers. The proposals aim to improve anticipation, prevention, resilience, and response to cyber threats by reforming Greece’s legislative framework and raising awareness about digital security. Bletsas noted that these proposals align with the European NIS2 Directive, which is currently under public consultation.

Maria Skagou, Vodafone Greece’s Director of Legal and Regulatory Affairs, emphasised the importance of cybersecurity in today’s digital age, stressing the need for risk prevention, staff training, and public awareness to address evolving threats.

Internet Archive faces major cybersecurity breach amid targeted attacks

The Internet Archive, the world’s largest digital library, is facing new security troubles after recently recovering from a series of cyber-attacks. On 20 October, users and media outlets reported receiving an email that appeared to come from the Internet Archive Team, revealing a stolen access token for the library’s Zendesk account, a customer service platform. The email claimed the Internet Archive had failed to rotate several exposed API keys, including one that allowed access to over 800,000 support tickets since 2018.

The email, although unauthorised, seemed legitimate as it passed security checks, indicating it might have come from an official Zendesk server. Security experts, including the group Vx-underground, believe the hackers still have persistent access to the Archive’s systems, sending a clear message about unresolved vulnerabilities. Jake Moore, a cybersecurity advisor at ESET, stressed the importance of swift audits after such attacks, warning that attackers often return to test new defences.

The recent cyber-attacks on the Internet Archive included distributed denial-of-service (DDoS) attacks, website defacement, and a data breach. While the pro-Palestinian hacktivist group BlackMeta claimed responsibility for the DDoS attacks, the data breach involved a separate threat actor. According to reports, the breach was caused by an exposed GitLab configuration file, allowing the hacker to download source code and access sensitive information, including the Zendesk API tokens.

Experts warn that the attack may have compromised over 800 support tickets. Despite criticism for not rotating API keys, Internet Archive faces significant challenges in fully understanding the extent of the breach and preventing further exploitation. Ev Kontsevoy, CEO of Teleport, emphasised the importance of having a clear view of access relationships to manage incidents without widespread disruption.

The Internet Archive and its founder, Brewster Kahle, have not publicly commented on the issue. Both Internet Archive and GitLab have also yet to respond to requests for more information.

The situation remains ongoing as the digital library works to address the security flaws that continue to leave it vulnerable.

Digital technology experts urge cybersecurity collaboration in Africa

Digital technology experts highlighted the need for collaboration and partnerships among African nations to tackle shared cybersecurity threats effectively. By emphasising a unified approach, participants recognised that regional cooperation is essential in addressing the complexities of cyber risks that impact businesses and governments.

Public-private partnerships were also advocated, as collaboration between the private sector and governmental agencies can foster the development of effective cybersecurity solutions, creating a safer business environment and promoting resilience against cyber threats. Additionally, they underscored the importance of identifying and valuing critical infrastructure, which is vital for informing robust security strategies. Sharing best practices among African countries can enhance defences without reinventing solutions, creating a collective strength across the continent.

Specifically, the call for harmonised cybersecurity laws across Africa aims to create consistent regulations that address capacity gaps and enhance digital security. Additionally, capacity-building initiatives are essential for equipping individuals and organisations to tackle evolving cyber challenges.

Moreover, they emphasised the need for effective incident response frameworks, as these strategies are crucial for minimising the impact of cyber incidents on businesses and governments. Ultimately, this proactive approach boosts resilience and fosters trust in the digital ecosystem, enabling Africa to navigate the complexities of the digital age confidently.

EU member states face cybersecurity directive deadline challenges

Many EU member states are set to miss the October 17 deadline to implement the Network and Information Security Directive (NIS 2), aimed at enhancing cybersecurity for critical sectors. Only Belgium, Croatia, Italy, and Lithuania have made partial progress, while others like Germany and the Netherlands have pending legislation, and countries such as Ireland and Spain lag further behind. The directive, approved in 2022, expands protections for sectors like energy, transport, banking, and water, and replaces the previous NIS1 directive, which failed to boost cyber resilience.

Businesses are concerned about the fragmented implementation and compliance challenges, particularly for companies operating across multiple markets. The European Federation of National Associations of Water Services (EurEau) warned that delays create uncertainty for water operators, who may need financial support to meet cybersecurity requirements. Similarly, the software lobby group BSA criticised the lack of guidance on incident reporting, a key aspect of NIS 2.

The European DIGITAL SME Alliance expressed worries for small and medium enterprises that might be impacted if they are part of larger companies’ supply chains under NIS 2. The directive mandates penalties for non-compliance, including fines of up to €10 million or 2% of global revenue, and holds senior management accountable for security breaches, signaling a shift in responsibility beyond IT departments.

Orro launches critical infrastructure division in Australia and New Zealand

Orro is enhancing its operational technology (OT) capabilities with the launch of its new division, Orro Critical Infrastructure, aimed at serving Australia and New Zealand. That initiative represents a significant advancement in Orro’s commitment to providing innovative solutions tailored to meet the growing demands of the industrial sector.

The division will offer a comprehensive suite of specialised services, including network infrastructure, cybersecurity, distributed cloud systems, and private LTE wireless networks. A key component of this initiative is establishing a new Security Operations Centre (SOC) designed explicitly for OT customers, providing real-time protection against potential cyberattacks and ensuring robust cybersecurity measures.

Additionally, Orro will focus on operational excellence by integrating best practices from IT and OT disciplines to effectively manage the complexities of OT production environments. The company will assess and stabilise existing critical infrastructure assets, working closely with industry regulators and clients to implement key transformations.

These expanded capabilities are expected to benefit customers across various sectors, including energy, transport and logistics, healthcare, retail, and state government entities, fostering innovation and resilience in critical infrastructure management.

UK’s ‘Invest 2035’ strategy prioritises cybersecurity and technological adoption to secure future growth

The UK government prioritises adopting innovative technologies through its draft industrial strategy, ‘Invest 2035.’ The comprehensive plan aims to accelerate the integration and scaling of new technologies across eight key growth sectors, including cybersecurity solutions and ensuring that all emerging technologies are secure by design.

To support this technological advancement, the strategy focuses on strengthening cyber resilience by enhancing supply chain resilience to mitigate vulnerabilities that could impede long-term growth. Implementing strengthened cyber resilience measures is essential for safeguarding growth-driving sectors against potential digital threats, thereby reinforcing the overall security of the economy.

Additionally, a crucial element of the strategy is the investment in skills and workforce development, as the UK government acknowledges the need to prepare the workforce for future challenges through substantial investments in skills and training. Promoting cybersecurity education is vital, empowering individuals and organisations to protect themselves better and leverage technological advancements.

Furthermore, the draft strategy emphasises public consultation and stakeholder engagement, inviting input from businesses, experts, unions, and other stakeholders to refine the plan before its final publication in spring 2025. The government also highlights the importance of collaboration between itself and the cyber industry, as these partnerships are essential for addressing existing challenges, such as the skills gap and outdated cyber laws. Ultimately, this strategy aims to support the growth of a secure and resilient economy, fostering an environment where organisations can thrive safely in an increasingly digital world.

Ghana to launch new cybersecurity policy

Ghana has launched its revised National Cybersecurity Policy and Strategy (NCPS) to tackle the escalating cybersecurity threats arising from its rapid digital transformation. The comprehensive framework is designed to address current cyber risks and anticipate emerging ones, ensuring that Ghana’s digital infrastructure remains resilient and secure over the next five years.

The initiative was officially unveiled during the opening ceremony of the 2024 National Cybersecurity Awareness Month (NCSAM) in Accra, which, notably, saw significant participation from high-ranking officials, including the leadership of the Ghana Armed Forces and key stakeholders in cybersecurity. Moreover, the policy is anchored on five essential pillars – Legal Measures, Technical Measures, Organisational Measures, Capacity Building, and Cooperation.

Why does it matter?

The NCPS addresses the rapid digitalisation occurring across critical sectors such as finance, healthcare, education, and commerce at a pivotal moment for the nation. While these advancements offer substantial socioeconomic benefits, they also expose the nation to significant cyber risks that could jeopardise economic stability and public safety.

Therefore, by implementing the NCPS, Ghana aims to strengthen its defences against these threats, protect its digital achievements and ensure sustainable technological progress. Furthermore, Minister Ursula Owusu-Ekuful emphasised that the policy serves as a vital roadmap for addressing current and future cyber threats. In addition, that underscores the importance of enhancing public-private collaboration to bolster the country’s overall digital resilience.