- This news round-up brings you the top cybersecurity stories of the past month.
- Top cybersecurity news: UK cybersecurity agency warns against prompt injection attacks on AI; Data breaches continue to grow in 2023; Reports suggest that Japan’s cybersecurity agency is dealing with a breach.
1. UK Cybersecurity Agency Warns Against Attacks Targeting AI Chatbots
The UK’s National Cyber Security Centre (NCSC) has highlighted the growing risk of chatbots being manipulated by hackers through “prompt injection” attacks. This occurs when a user creates input that causes the model to behave unexpectedly, such as creating offensive content or revealing confidential information.
The current generation of large language models (LLMs) is vulnerable to this type of input, which can have worrisome consequences, the agency says. As LLMs are increasingly used to provide information to other services and applications, the risk of prompt injection attacks will increase.
NCSC has also announced that Ollie Whitehouse will become its new Chief Technology Officer.
To accelerate public-private responses to address the global cybersecurity skills and talent gap, the World Economic Forum Center for Cyber Security has launched the “Bridging the Cyber Skills Gap” initiative. The initiative is based on the Forum’s extensive research on the future of jobs and approaches to reskilling across sectors.
The initiative brings together a multistakeholder group including industry leaders, government agencies, civil society and academia to create a strategic cybersecurity talent framework and actions to help individuals enter and thrive in the cybersecurity workforce.
Among other things, the initiative seeks to:
- Raise awareness of the cybersecurity skills shortage and its financial and security implications, and share knowledge among C-suite executives and decision makers.
- Define strategic approaches and processes that will help create sustainable cyber talent pipelines across organizations and across sectors and geographies.
The Forum has also partnered with Salesforce, Fortinet and the Global Cyber Alliance to provide free and globally accessible cyber security training through the Cyber Security Learning Hub. The platform aims to democratize access to cybersecurity career paths and has already trained 1.16M individuals spread over all continents.
Absa, a partner of the World Economic Forum, in collaboration with the Maharishi Institute, has also developed the Absa Cybersecurity Academy which targets some of South Africa’s most disadvantaged groups.
2. Data breaches continue to grow in 2023
According to new data from VPN provider Surfshark, there has been a 156% increase in the number of data breaches worldwide between Q1 and Q2 2023.
A total of 110.8 million accounts were leaked in the second quarter of the year, equivalent to 855 per minute.
Almost half of these breaches were to accounts originating in the US, while Russia, Spain, France and Turkey made up the rest of the top five most breached countries.
According to a new report from IBM, the global average cost of a data breach has increased by 15% over the past three years. The Cost of a Data Breach 2023 report also says 51% of organizations plan to improve their cyber security as a result of a breach.
3. News in a nutshell: This month’s top cyber security stories
Japan’s National Cyber Defense Agency has been infiltrated by hackers who can access up to nine months of information. A Financial Times report says the attack on Japan’s National Center of Incident Readiness and Strategy for Cyber Security began last fall, with Chinese state-backed hackers behind it.
Basic cyber hygiene still protects against 98% of attacks, says Microsoft. The minimum standards for each organization to adopt are: requiring phishing-resistant multifactor authentication; applying zero trust principles; using up-to-date anti-malware tools; keeping systems and software up to date; and protecting data.
Bonuses for top company executives are increasingly tied to cybersecurity metrics. Cybersecurity is part of a trend for higher-level consideration, with companies including Johnson & Johnson and the London Stock Exchange Group among those linking a portion of bonuses to cyber targets in 2022.
The Five Eyes Intelligence Alliance has detailed how the Russian state-sponsored hackers known as Sandworm are using Android malware called Infamous Chisel to attack Ukrainian soldiers’ devices, scan files, monitor traffic and steal sensitive information.
Microsoft identifies seven emerging hybrid warfare trends from Russia’s cyber war with Ukraine. This includes the weaponization of pacifism by fueling discontent about war and fear of World War III. Other tactics include demonizing refugees and imposing nationalism.
A cybercrime couple has pleaded guilty to trying to launder $4.5bn in bitcoin stolen in a 2016 hack. Heather Morgan and Ilya Lichtenstein were arrested last year after police discovered the funds. Prior to her arrest, Morgan released a series of rap videos under the name Razzlekhan.
4. More on cybersecurity on the agenda
The World Economic Forum’s Global Coalition for Digital Safety has created basic language for defining online harm. The aim is to create a common language to describe the problems of online harm so that regulators and technology companies can work together to solve them.
Integrating and testing cybersecurity tools and increasing flexibility are among seven steps companies can take to control their cybersecurity costs without compromising their effectiveness.
We need to be realistic about the impact of generative AI, say Paul Swartz and Francois Candelon of the BCG Henderson Institute. Technology’s impact on productivity growth has been consistently overstated, they say, and analysts could repeat that mistake with generative AI.