The Cyber Resilience Panel at the Future of South Australian Government Summit brought together experts Joda W., Acting Assistant Commissioner for Cyber Governance at the Australian Taxation Office, and Nathan Morelli, Chief Information Security Officer at SA Power Networks, to discuss strategies for safeguarding critical systems.

The key takeaways from the session were:
- Collaboration is Key: The ATO works closely with state, federal, and international partners, including the OECD, ACCC, ASD, and telcos, to share threat intelligence and combat fraud and scams effectively.
- Identifying Threats: Thread mapping is crucial to identify and prioritise risks tied to an organisation’s critical data. Automating low-impact, high-frequency risks enhances efficiency.
- Proactive Planning: Teams are tested with simulated breaches to evaluate response strategies. Emphasis is placed on robust identity management frameworks to build resilience from the ground up.
- Leveraging Technology: AI and machine learning are transforming threat detection, while quantum computing poses emerging risks. Preparing for crypto-agile applications will be vital to future-proof systems.

The message was clear: cyber resilience demands a proactive, collaborative, and innovative approach.

💬 How is your organisation preparing for emerging cyber threats? #FSTGOVSA #FSTMedia #FSTGovernment
FST Government’s Post
More Relevant Posts
-
Data holds significant importance and possesses the capacity to fundamentally alter the structure of our society. Promoting Pan-Africanism in data protection entails maximizing the utilization of available data infrastructure. The #nadpaconference acknowledged existing deficiencies in data protection policies and regulatory frameworks, emphasizing the necessity of identifying and addressing these gaps at a continental level. Recommendations have been put forth for legislative reforms aimed at mitigating emerging cyber threats. While digitization is essential, it must be accompanied by robust risk mitigation strategies. NADPA - RAPDP #DataProtectionKE
-
The #NIS2 Directive sets a new benchmark for boosting cybersecurity across the European Union, requiring organizations to adopt sophisticated tools and platforms to maintain compliance or face substantial fines. Balbix offers a comprehensive suite of features that empower organizations in critical sectors, such as energy, transport, banking, financial market infrastructures, drinking water, healthcare and digital infrastructure, to fulfill the directive's mandates and strengthen their cybersecurity posture. Discover how Balbix, through #AI, automation, real-time insights, and an integrated approach to cyber risk management, not only helps you achieve compliance with the NIS2 Directive but can also improve your organization's overall cyber resilience. https://lnkd.in/gaNHYvXW #NIS2 #EUcyber #infosec
-
In an era marked by rising cyber threats, skills shortages, budget constraints, and stringent legislation, organizations have found it challenging to safeguard their digital assets. Anna Barkvall from Orange Cyberdefense highlights the critical role of proactive measures in mitigating the impact of cyberattacks, emphasizing the need for increased investment in comprehensive security strategies rather than solely relying on technical solutions. She underscores the significance of addressing security concerns throughout the organization and warns against underestimating the potential threats posed by emerging technologies like GenAI. By allocating resources to comprehensive security strategies and leveraging AI tools, enterprises can better navigate evolving threats and regulatory requirements, ultimately enhancing their resilience against cyberattacks. #ECRM #CyberAttacks #CyberRisks #TechSolutions
-
Following on from my post yesterday about the NCSC and ENISA reports on the state of UK and EU cyber security (a link to it is in the comments 👇) I've been doing a bit of comparative analysis with the able assistance of Google's #NotebookLM.

There are strong similarities in their views and conclusions, which should come as no surprise as one hopes there is a lot of collaboration that goes on between the organisations and individuals. Some of the key similarities are:
- Increased concern over the lack of effective supply chain assurance ✔️VVG
- An emphasis on collaboration and information sharing ✔️VG
- Recognition of the skills gap (though with different prescriptions)
- The importance of good vulnerability disclosure and management
- Challenges in managing security in AI and other emerging technologies

But there are some key differences as well, such as:
- Threats: ENISA focuses more on specific types of attack, such as Ransomware and Denial of Service, whereas NCSC's focus is more on specific threat groups, such as Nation States and Cyber Crime using AI.
- Levers: ENISA advocates policy, regulation and legislation to improve the situation, while NCSC leans towards market-driven solutions, liabilities and rewards.
- New Technology: NCSC seems to be more conscious of the impact of new technologies such as AI and the post-quantum cryptography. ENISA's focus remains on the continuity of established practices and regulations.

They both recognise the progress already made and the continued need for further action. But as I reported yesterday, the tone of the ENISA report seems to call for a continuation of the same, while in the NCSC report there is a stronger voice saying that the threat is widely underestimated and calling for the urgent mass adoption of basic practices. This implies that NCSC feels existing security is in general inadequate; a view not communicated by ENISA. #CyberSecurity #CyberHygiene
-
This week our chart looks at the rapidly growing threat of cybercrime. We explore the sectors most at risk and the implications for corporate reputation. #cybercrime #cyberthreat #crisismangement https://lnkd.in/ef8tcnm4
A new report from the IMF has highlighted the growing threat of cybercrime. Attacks have doubled since the pandemic and the risk of extreme loss is increasing exponentially - see the dark blue bar on the right of the chart. The financial sector has been a particularly attractive target, suffering more than 20,000 attacks and $12 billion worth of losses over the last 20 years. This represents one fifth of total global attacks. The IBM Security Threat Intelligence Index also highlights manufacturing, utilities, retail and healthcare as industries particularly at risk. While the financial losses are vast, the indirect losses are even greater - particularly in the threat they pose to an organisation's reputation. In the digital age, any disruptions to service can be highly damaging and where problems persist over time the company may never recover the lost trust. In my experience tracking corporate reputation, it is clear that the way a company responds to such a crisis can become a defining feature of its image for many years - both good and bad. For organisations this highlights the growing importance of investment in cyber defence, as well as the crucial role of crisis management frameworks. With AI predicted to lead to growing cybercrime in the years ahead, the urgency of action in this area is only increasing. #cybercrime #cyberthreat #crisismanagement #reputationmanagement
-
In today’s article published in IN Business news, MAP S.Platis Group CEO Demetris Taxitaris provides key insights about #DORA regulation (Digital Operational Resilience Act), discussing, among others, the significance of this new #regulation in supporting firms to ensure strong operational and #digitalresilience, as well as the readiness of #Cyprus regulated firms to comply with the new regulation and the steps already taken by #regulators towards this direction.

“The core objectives of DORA regulation revolve around ensuring strong protection and resilience in the digital landscape. These can be achieved through targeted mechanisms such as risk assessments, digital resilience stress tests, ongoing monitoring, and establishing procedures for effectively responding to and managing cyber incidents.”

➡️ Read the full article [in Greek]: https://lnkd.in/ee89iadM
The Road Towards Digital Resilience: Where Does Cyprus Stand in Relation to DORA Regulation?
https://www.mapsplatis.com
-
Well, it’s certainly been quite the week in cybersecurity news! Let’s go over some of the most interesting headlines –

Operation Cronos Taskforce Unveils Lockbit’s Leader
On Tuesday afternoon, the Operation Cronos taskforce (an NCA-led international disruption campaign) officially unmasked Dmitry Khoroshev, the administrator and developer of the Lockbit ransomware group. Previously offering $10 million to anyone who could unveil him, I’m not sure the respective crime agencies will ever see this reward! Their deserves serious commendation nonetheless.

UK Ministry of Defence Suffers Data Breach
Hitting the media like wildfire, it was revealed on Monday that hackers had successfully compromised a third-party payroll system used by the UK Ministry of Defence. Sensitive data leaked includes the names and bank details of current and previous armed forces members, this figure being reported to be around 270,000. Fingers were immediately pointed at China with Beijing denying involvement, though Reuters has now attributed it to a ‘malign actor’. Regardless, this should come as an important reminder of the vulnerabilities present in the supply chain.

MI5 Director General Warns of Espionage at Universities
MI5 Director General Ken McCallum has issued a warning to leading research universities across the UK that foreign states are likely to be targeting their institutions in a threat to national security. Despite no accusations being levied, concerns have previously been raised about Chinese espionage in the pursuit of intellectual property. It is worth research institutions assessing their vulnerability to such intrusion and addressing concerns proactively, as this isn't the first time we've heard this.

NCSC and International Partners Issue Renewed Warning on Russia
The UK NCSC and its international partners have renewed and intensified their warning on Russian state-aligned groups' targeting of critical national infrastructure. This notice specifically warns against the potential compromise of industrial control systems and small-scale OT systems across Europe and North America, particularly in organisations that constitute CNI. While attacks might be low-level as of present, the intention is undeniably disruptive and destructive.

Feel free to drop into my messages to chat further about any of these, as this is undeniably one of the most interesting starts to a week in infosec!
-
Federal IT leaders often struggle to balance innovation with risk management in the ever-evolving digital age. They must safeguard sensitive data from cyber threats while embracing new technologies that improve efficiency and citizen services. To make matters more difficult, the growing ocean of information agencies must contend with — from citizen records to critical infrastructure data — is vulnerable to advanced persistent threats, or APTs, and changing compliance regulations. Our latest eBook dives into how IT modernization presents a compelling solution and breaks down the steps to achieve mission success. ➡️📄 Learn more at https://lnkd.in/euh5pQDa #itmodernization #federalit #digitaltransformation #cloudcomputing #innovation
-
Thanks to Think Digital Partners for the opportunity to share my thoughts on the pressing topic of #SupplyChain resilience. The world is increasingly interconnected but also increasingly volatile. The delivery of core public services frequently depends on intricate, international networks of suppliers. We had a glimpse of what disruption to these networks could mean during Covid-19. It would be naïve to think that such disruptions could not happen again. Governments therefore need to work to build secure and adaptable - but also ethical - national supply chains, and this is where Comprehensive Risk Management has a central part to play. As well as national security, risk management needs to take account of regulatory compliance and human rights – and the emerging threats around cyber risk. In this article, I argue that technology holds the key to governments around the world being able to take a proactive stance towards protecting the integrity of their supply chains and safeguarding public trust. #TPRM #ThirdPartyRiskManagement #HumanRights #Compliance #CyberRisk https://lnkd.in/e4JW6mMC
-
Cyber security is national and social security. Governments should spend more on education and awareness as well. The 27 EU member states have until 17 October this year to transpose NIS2 into national law. The rules aim to protect critical infrastructures, such as energy, transport, banking, water and digital infrastructures. https://lnkd.in/duYGBX6d
Cybersecurity investment needs to be doubled, EU official says
euronews.com