- This news round-up brings you key cybersecurity stories from the past month.
- Top cybersecurity news: UK cybersecurity agency warns against prompt injection attacks on AI; Data breaches continue to climb in 2023; Japan’s cybersecurity agency suffers breach, reports suggest.
1. UK cybersecurity agency warns against attacks targetting AI chatbots
The UK’s National Cyber Security Centre (NCSC) has highlighted a growing risk of chatbots being manipulated by hackers through “prompt injection” attacks. This is when a user creates an input that causes a model to behave in an unintended way, such as generating offensive content or revealing confidential information.
The current generation of large language models (LLMs) is vulnerable to these types of inputs, which could have worrying consequences, the agency says. As LLMs are increasingly used to pass information to other services and applications, the risk of prompt injection attacks will grow.
The NCSC has also announced that Ollie Whitehouse will become its new Chief Technology Officer.
To accelerate public-private responses to address the global cybersecurity skills and talent gap, the World Economic Forum Centre for Cybersecurity has launched the “Bridging the Cyber Skills Gap” initiative. The initiative builds on the Forum`s extensive research on the future of jobs and approaches towards reskilling across sectors.
The initiative brings together a multistakeholder group comprising industry leaders, government agencies, civil society and academia to create a strategic cybersecurity talent framework and devise actions to help individuals enter and thrive in the cybersecurity workforce.
Among other things, the initiative seeks to:
Raise awareness and share knowledge amongst C-suite executives and decision-makers about cybersecurity skills deficit and its economic and security implicationsDefine strategic approaches and processes that will help build sustainable cyber talent pipelines within organizations and across sectors and geographies
The Forum has also partnered with Salesforce, Fortinet and the Global Cyber Alliance to delivering free and globally accessible cybersecurity training through the Cybersecurity Learning Hub. This platform aims to democratize access to cybersecurity career paths and has already trained over 1.16M individuals spread across all continents.
World Economic Forum partner Absa, in collaboration with the Maharishi Institute, have also developed the Absa Cybersecurity Academy that is targeting some of the most disadvantaged groups in South Africa.
Read more about our impact
2. Data breaches continue to soar in 2023
The number of data breaches worldwide saw a 156% increase between Q1 and Q2 2023, according to new figures from VPN provider Surfshark.
A total of 110.8 million accounts were leaked in the second quarter of the year, equivalent to 855 every minute.
Almost half of these breaches were of accounts originating in the US, while Russia, Spain, France and Turkey made up the rest of the top five most breached countries.
The global average cost of a data breach has increased by 15% in the past three years, according to a new IBM report. Cost of Data a Breach 2023 reveals that 51% of organizations plan to improve their cybersecurity as a result of a breach.
3. News in brief: Top cybersecurity stories this month
Japan’s national cyber defence agency has been infiltrated by hackers, who may have had access to information for as much as nine months, the Financial Times reports. The attack on Japan’s National Center of Incident Readiness and Strategy for Cybersecurity began last autumn, with Chinese state-backed hackers thought to be behind it.
Basic cyber hygiene still protects against 98% of attacks, Microsoft says. The minimum standards every organization should adopt are: requiring phishing-resistant multifactor authentication; applying zero trust principles; using up-to-date anti-malware tools; keeping on top of systems and software updates; and protecting data.
The bonuses of top company executives are increasingly being tied to cybersecurity metrics. It is part of a trend to make cybersecurity a top-level consideration, with companies including Johnson & Johnson and the London Stock Exchange Group among those tying a portion of bonuses to a cyber goal in 2022.
The Five Eyes intelligence alliance has detailed how Russian state-sponsored hackers Sandworm are using an Android malware called Infamous Chisel to attack Ukranian soldiers’ devices, scan files, monitor traffic and steal sensitive information.
Microsoft has identified seven emerging hybrid warfare trends from Russia’s cyberwar with Ukraine. These include weaponizing pacifism by amplifying discontent about the war and stoking fears of World War III. Other tactics include demonizing refugees and mobilizing nationalism.
A cybercrime couple have pleaded guilty to trying to launder $4.5bn of Bitcoin stolen in a hack in 2016. Heather Morgan and Ilya Lichtenstein were arrested last year after police traced the funds. Prior to her arrest, Morgan released a series of rap videos under the name Razzlekhan.
4. More on cybersecurity on Agenda
The World Economic Forum’s Global Coalition for Digital Safety has produced a foundational language to define online harms. The aim is to create a common language to describe the problems of online harm so that regulators and tech firms can better work together to address it.
Consolidating cybersecurity tools and testing and augmenting resilience measures are among seven steps companies can take to control their cybersecurity spend without compromising on its effectiveness.
We need to be realistic about the impact of generative AI, Paul Swartz and Francois Candelon of the BCG Henderson Institute argue. Technology’s impact on productivity growth has been consistently overstated, they say, and analysts could be repeating that mistake with generative AI.