The UK government prioritises adopting innovative technologies through its draft industrial strategy, ‘Invest 2035.’ The comprehensive plan aims to accelerate the integration and scaling of new technologies across eight key growth sectors, including cybersecurity solutions and ensuring that all emerging technologies are secure by design.
To support this technological advancement, the strategy focuses on strengthening cyber resilience by enhancing supply chain resilience to mitigate vulnerabilities that could impede long-term growth. Implementing strengthened cyber resilience measures is essential for safeguarding growth-driving sectors against potential digital threats, thereby reinforcing the overall security of the economy.
Additionally, a crucial element of the strategy is the investment in skills and workforce development, as the UK government acknowledges the need to prepare the workforce for future challenges through substantial investments in skills and training. Promoting cybersecurity education is vital, empowering individuals and organisations to protect themselves better and leverage technological advancements.
Furthermore, the draft strategy emphasises public consultation and stakeholder engagement, inviting input from businesses, experts, unions, and other stakeholders to refine the plan before its final publication in spring 2025. The government also highlights the importance of collaboration between itself and the cyber industry, as these partnerships are essential for addressing existing challenges, such as the skills gap and outdated cyber laws. Ultimately, this strategy aims to support the growth of a secure and resilient economy, fostering an environment where organisations can thrive safely in an increasingly digital world.
Ghana has launched its revised National Cybersecurity Policy and Strategy (NCPS) to tackle the escalating cybersecurity threats arising from its rapid digital transformation. The comprehensive framework is designed to address current cyber risks and anticipate emerging ones, ensuring that Ghana’s digital infrastructure remains resilient and secure over the next five years.
The initiative was officially unveiled during the opening ceremony of the 2024 National Cybersecurity Awareness Month (NCSAM) in Accra, which, notably, saw significant participation from high-ranking officials, including the leadership of the Ghana Armed Forces and key stakeholders in cybersecurity. Moreover, the policy is anchored on five essential pillars – Legal Measures, Technical Measures, Organisational Measures, Capacity Building, and Cooperation.
Why does it matter?
The NCPS addresses the rapid digitalisation occurring across critical sectors such as finance, healthcare, education, and commerce at a pivotal moment for the nation. While these advancements offer substantial socioeconomic benefits, they also expose the nation to significant cyber risks that could jeopardise economic stability and public safety.
Therefore, by implementing the NCPS, Ghana aims to strengthen its defences against these threats, protect its digital achievements and ensure sustainable technological progress. Furthermore, Minister Ursula Owusu-Ekuful emphasised that the policy serves as a vital roadmap for addressing current and future cyber threats. In addition, that underscores the importance of enhancing public-private collaboration to bolster the country’s overall digital resilience.
Leonardo, the defence company from Italy, is actively pursuing acquisitions in the cybersecurity sector, targeting a dozen companies both domestically and abroad. CEO Roberto Cingolani mentioned that some deals could be finalised by the end of the year. The company has been working on these acquisition processes for the past several months.
No acquisition will exceed 15% of the cyber division’s turnover, following guidelines set in Leonardo’s strategic plan. The company is prioritising cyber security as a key growth area, expecting strong double-digit expansion in this field in the coming years.
Leonardo aims to establish itself as a significant player in Europe’s cyber security market. Cingolani highlighted that the sector is at the heart of the group’s strategic development, especially as digitalisation continues to offer new opportunities.
The company’s 2024-2028 industrial plan outlines its commitment to strengthening its core businesses while also focusing on cybersecurity. Over the next five years, Leonardo forecasts a 16% rise in orders and a 13% growth in revenue in this area.
India’s Financial Intelligence Unit is investigating the Indian cryptocurrency exchange WazirX following a significant cyberattack that resulted in the theft of $235 million. The exchange is cooperating with government agencies and has provided authorities with extensive server logs and transaction data related to the incident, which occurred in July. Although no physical assets have been seized, WazirX is actively engaging with regulatory bodies to understand the broader implications of the hack on the unregulated crypto sector.
In a bid to enhance transparency, WazirX plans to publicly disclose wallet addresses through court affidavits and has committed to addressing user concerns. The exchange aims to establish a 10-member committee of creditors by 9 October to assist in its restructuring efforts, to return 52-55% of the remaining crypto assets to affected clients within six months.
Additionally, WazirX’s parent company, Zettai, is in discussions with 11 potential partners to explore capital injections and profit-sharing strategies that could aid in user recoveries. Following the hack, WazirX has sought a Scheme of Arrangement in Singapore under local insolvency laws. An independent audit revealed no evidence of wrongdoing by its custodian partner, Liminal Custody.
The US Department of Homeland Security (DHS) and the Polish Ministry of Digital Affairs (MDA) have signed a Memorandum of Understanding (MOU) to bolster their collaboration in cybersecurity and emerging technology. This MOU strengthens the longstanding partnership between the United States and Poland, providing a structured framework for coordinated efforts in addressing global security challenges, including cyber threats and responsible technology development.
By focusing on key areas such as cyber policy, Secure by Design practices, information sharing, incident response, human capital development, and the safe deployment of AI and the Internet of Things (IoT), both nations demonstrate a shared commitment to transatlantic security. The timing of this MOU, which coincides with the Fourth Counter Ransomware Initiative Summit, reflects a united stance against the growing ransomware threat, as nearly 70 countries gathered to reinforce global resilience against cybercrime.
Various agencies will spearhead the implementation of the MOU as part of the agreement. In the United States, DHS entities like the Cybersecurity and Infrastructure Security Agency (CISA), the Office of Strategy, Policy, and Plans, and the Science and Technology Directorate will drive projects that enhance cybersecurity and support critical infrastructure. On the Polish side, the National Research Institute (NASK) will be instrumental in coordinating these efforts, positioning Poland for its upcoming EU Council presidency in 2025, where it aims to strengthen US-EU relations and prioritise European information security.
Why does it matter?
Together, these agencies will focus on collaborative initiatives that ensure safe technology practices, build critical skills, and enable a proactive response to digital threats, securing a stronger digital future for both nations.
Concerns are rising ahead of the US presidential election, with the latest intelligence suggesting interference from foreign nations like Russia, Iran, and China. The annual threat assessment released by the Department of Homeland Security highlights the use of AI by these countries to spread misinformation and create fake websites.
Russian actors have focused on amplifying divisive narratives, particularly around immigration. Iran has adopted a more aggressive approach, posing as activists online to encourage protests related to the conflict in Gaza. China is also seen as a potential player in efforts to undermine confidence in US democratic institutions.
The upcoming election, expected to be highly contested between Kamala Harris and Donald Trump, presents further opportunities for foreign interference. Tensions within the US could be exacerbated by these external efforts, along with potential threats from domestic extremists.
Domestic violent extremism also remains a serious concern. The report warns of the risk posed by lone actors or small cells driven by grievances related to race, religion, or anti-government views. These groups may attempt violent actions to instill fear or disrupt the electoral process.
The Indian government has recently redefined the roles of key ministries concerning telecom network security, cybersecurity, and cybercrime through amendments to the business allocation rules. As a result, this strategic reorganisation ensures that each ministry is assigned clear responsibilities, streamlining efforts to manage these vital areas more effectively.
The roles have been precisely delineated to enhance governance. Specifically, the Ministry of Communications is responsible for telecom security under the Telecommunication Act of 2023, which enables authorities to access traffic data, including from OTT services like WhatsApp. Meanwhile, cybersecurity falls under the Ministry of Electronics and Information Technology (MeitY), as outlined in the IT Act of 2000, with strategic guidance provided by the National Security Council Secretariat.
Furthermore, the Ministry of Home Affairs (MHA) oversees cybercrime, working closely with the Department of Telecommunications to address fraud and utilising tools such as Pratibimb to track mobile numbers involved in cybercriminal activities.
There is an ongoing debate on regulating OTT communication services. While telecom companies continue to push to regulate these services under the Telecom Act, the government in India has reiterated that OTT services like WhatsApp and Telegram fall under the Information Technology Act. This differentiation reflects the broader scope of the IT Act in handling digital communication services, even as pressure mounts for more stringent telecom-specific regulations.
Check Point Research has uncovered a crypto wallet drainer app that was active on the Google Play Store for over five months, stealing more than $70,000 from unsuspecting users. The malicious app masqueraded as WalletConnect, a popular tool for linking crypto wallets to decentralised finance (DeFi) apps. Despite being disguised as a legitimate app, it managed to evade detection through advanced techniques and fake reviews, gaining over 10,000 downloads.
The app, originally named ‘Mestox Calculator,’ tricked users into connecting their wallets and accepting permissions, allowing attackers to drain funds. Although not all users were affected, over 150 victims lost substantial sums. The app was eventually removed from the store, but its ability to avoid detection highlighted gaps in-app verification processes on platforms like Google Play.
Check Point Research emphasised the increasing sophistication of cybercriminals and urged both users and app stores to remain vigilant. The researchers warned that even seemingly harmless apps can pose a serious financial threat in the Web3 world, stressing the importance of educating users about these risks.
Cybersecurity experts have uncovered a novel tactic used by hackers to deliver malware for covert crypto mining. Hackers are now exploiting automated email replies from compromised accounts to infect businesses in Russia, including financial institutions, with the XMRig mining tool. Since May, over 150 emails containing this malicious software have been detected, but most were blocked by Facct, a leading threat intelligence firm.
This technique is particularly dangerous as it involves victims initiating contact, and expecting a reply from their initial email. Due to this established communication, many are unsuspecting of the malware attached. Facct urges organisations to stay vigilant by conducting regular cybersecurity training and adopting strong passwords with multifactor authentication.
The XMRig software, often used in crypto mining attacks, has been part of several widespread malware campaigns since 2020, highlighting the persistent threat of cybercriminals using innovative methods to target vulnerable systems.
A new report from PwC has uncovered alarming gaps in global cybersecurity practices among organisations. The 2025 Global Digital Trust Insights survey, which gathered insights from 4,042 business and technology executives across 77 countries, revealed that only 2% of organisations have fully implemented cyber resilience measures in all areas assessed.
Specifically the survey evaluated 12 key resilience actions related to people, processes, and technology. Fewer than 42% of executives believe their organisations have fully adopted any one of these measures. Among the most critical gaps are:
Establishing a resilience team, with only 34% reporting implementation organization-wide
Developing a cyber recovery playbook for IT-loss scenarios, achieved by just 35%
Mapping technology dependencies, with only 31% completed
These findings highlight a concerning vulnerability, leaving many organisations exposed to cyber attacks that could jeopardise their entire operations.
Another critical issue raised in the report is the insufficient involvement of Chief Information Security Officers (CISOs) in essential business activities. Fewer than 50% of CISOs are significantly engaged in strategic planning for cyber investments, board reporting, or overseeing technology deployments. This lack of participation at high decision-making levels creates the risk of misaligned strategies and weaker security postures. The report advocates for granting CISOs a seat at the table to ensure cybersecurity considerations are embedded within core business strategies.
The rapid integration of new technologies is introducing additional cybersecurity challenges. According to the report, 67% of security executives indicated that the rise of generative AI has expanded their attack surface over the past year. Vulnerabilities are also increasing due to the adoption of cloud technologies and connected devices. Despite these risks, organisations continue to invest in new technologies, with 78% of executives reporting increased spending on generative AI in the last year, underscoring the tension between innovation and security.
Cybersecurity regulations are emerging as a significant catalyst for investment, with 96% of executives acknowledging that regulatory requirements have driven enhancements in their security measures. Furthermore, 78% believe that regulations have prompted improvements or challenges to their cybersecurity posture. However, the report also highlights a notable confidence gap between CISOs/CSOs and CEOs concerning compliance with AI and resilience regulations. This 13-point disparity indicates a disconnect in how different executives view their organisation’s readiness to meet regulatory demands.
