White House unveils cyber workforce plan, and other cybersecurity news to know this month

The Biden administration has unveiled its strategy to strengthen the US' cyber workforce in a bid to tackle the large number of vacancies in the short and longer term.

The National Cyber and Workforce Education Strategy aims to increase basic-level cyber skills across the country, transform cyber education and boost the cyber workforce, including the federal workforce.

"Filling the hundreds of thousands of cyber job vacancies across our nation is a national security imperative," the White House says.

The document builds on the National Cybersecurity Strategy announced in March.

The US is also stepping up regulation against cybercrime. Publicly traded companies will now have to share details of hacking incidents against them within four days.

The new rule, put in place by the US Securities and Exchange Commission, is intended to help tackle the mounting cost and frequency of cyberattacks.

Malware-related security threats in operational technology (OT) and Internet of Things (IoT) devices jumped tenfold in the first half of the year, according to data from Nozomi Networks.

Activity increased 96% in the broad category of malware and potentially unwanted applications, telemetry from the cybersecurity firm shows. Meanwhile, threat activity related to access controls more than doubled. Nation states, criminal groups and hacktivists continue to target healthcare, energy and manufacturing, Nozomi says.

Separate research by cybersecurity firm BlackBerry shows there were 55,000 attacks against government and public entities carried out by nation-state actors and hackers from March to May. This represents a 40% hike on the previous quarter.

The most common targets were government entities in North America, Australia, South Korea and Japan.

A team of researchers has trained a deep-learning model to steal information based on the noise of computer keystrokes. When trained on keystrokes recorded on a nearby phone the algorithm was able to predict them with 95% accuracy. When the recording was done via Zoom, accuracy was 93%. This demonstrates the potential for passwords or sensitive information to be stolen based on sound alone.

The UK government has warned that a serious cyberattack on critical infrastructure has a 5-25% chance of happening in the next two years. Its National Risk Register 2023 report says such attacks could result in thousands of deaths or casualties.

The US Cybersecurity and Infrastructure Security Agency has released its FY2024-2026 Strategic Plan, which is aimed at complementing the White House's cybersecurity strategy. The plan sets out a vision for addressing immediate cybersecurity threats, helping organizations improve their cybersecurity and driving its adoption at scale.

Sporting events are increasingly prone to cyberattacks, a new report from Microsoft has highlighted. There has been an increase in attacks against high-profile sporting events in recent years by both politically and financially motivated bad actors, the report says.

The UK's elections watchdog has disclosed a significant cyber-attack, with "hostile actors" breaching electoral registers and email systems, the BBC reports. The hackers potentially had access to the names and addresses of UK voters for several weeks from August 2021 as the attack was not detected until October.

The rush to develop AI systems and grab market share could lead to cybersecurity oversights, according to the CEO of the UK's National Cyber Security Centre. "The scale and complexity of these models is such that if we don't apply the right basic principles as they are being developed in the early stages, it will be much more difficult to retrofit security," Lindy Cameron told the BBC.

North Korean hackers breached computer networks at a Russian missile developer for an extended period last year, Reuters reports. Pyongyang subsequently announced numerous developments related to its banned ballistic missile programme, although it is not certain whether these were linked to the hacking activity.

Do we need a UN watchdog to fight deep fakes and other AI risks, asks Dr Jean-Marc Rickli, Head of Global and Emerging Risks at the Geneva Centre for Security Policy. Global and national governance needs to become more reactive and anticipatory given the exponential technologies that have emerged, he argues.

People's homes present an easy target for cybercriminals. Teaching cybersecurity to households, including children and the elderly, is crucial. Unsecured devices present an easy way for malicious actors to target homes.

Ransomware attacks are on the rise and becoming increasingly sophisticated. Asia-Pacific is the region most affected – but are businesses preparing in the right way? Such attacks can be a test of leadership.