Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Emerging security threats and trends

Who doesn’t enjoy some future-gazing? Cybersecurity so often involves reacting to what’s happened, but it’s always worth keeping one eye on what’s coming next. Two new reports have highlighted emerging trends for now and into the near future. ENISA, the EU’s cybersecurity agency, forecasts that supply chain attacks are the top emerging threat. Its Foresight Cybersecurity Threats for 2030 report describes this as “an after-effect of the expanding integration of third-party suppliers and partners in the supply chain, leading to new vulnerabilities and opportunities for attacks”.

Second on the list, up from tenth last year, is the skill shortage in security workforces. ENISA voiced concern over “organisational unwillingness to develop talent and bridge the educational gap”. Exploiting unpatched systems was a new entrant into the top ten, at number four. The executive summary is here, and the full report is free at this link. Meanwhile, Flashpoint’s Global 2024 Threat Intelligence Report also has data that looks forward, with a strong focus on reported data breaches, vulnerability disclosures and public ransomware attacks.

Real security for artificial intelligence

We’re now well into Q2 2024 and there’s no point putting it off any longer: it’s time to talk about AI. The big picture commentary tends to veer between positive and negative takes on where this is all going. SANS Institute tries to balance the potential for innovation with the possibility of risk. Working from the premise that AI will become ubiquitous, SANS’ advice for CISOs is to take proactive steps like putting in place transparency and explainability, human oversight and control, continuous threat monitoring, collaboration and communication. It also urges security leaders to invest in security research into the area. Infosecurity Magazine similarly adopts a helpful approach, with guidance on how to discover the right AI tools for a security strategy.

Earlier this year, the Australian Cyber Security Centre published guidance, co-developed with partners, on how to use AI systems securely. Aspen Institute has a high-level view of AI, cybersecurity and policymaking.

Also worth your time is this free hour-long talk by the always-excellent Mikko Hypponen, chief research officer at WithSecure and one of the foremost cybersecurity experts working today. His guest lecture for University College London looks at how AI is shaping the types of crime we’ll be seeing in years to come, and considers what this means for defenders. Not so coincidentally, ENISA’s foresight report (see story above) ranked abuse of AI in its top ten threats over the remainder of this decade.

Data protection and privacy developments

Cross-border cooperation between EU data protection regulators looks set to become easier under proposed new rules. The updated procedures are designed to resolve privacy complaints involving multiple Member States faster. They’re also intended to give more certainty to businesses. Meanwhile, the United States could be about to get its own version of the GDPR, as the American Privacy Rights Act has emerged in draft form. IAPP described the proposed bipartisan bill as “a surprise development”. The 53-page act “includes requirements on data minimisation, consumer rights to opt out of targeted advertising and view, correct, export or delete their data”, it reported. If passed, the legislation would restrict the kinds of personal data companies can collect, keep, use, and share.

Separately, Google has promised to delete billions of search records after its incognito mode turned out to be anything but. A class action lawsuit claimed that Google had been tracking people’s browsing activity when they believed their actions were private. The Guardian quoted David Boies, a lawyer for the plaintiffs, who called the settlement “a historic step in requiring honesty and accountability from dominant technology companies”.

Lastly, Professor Ross Anderson, security pioneer and digital rights campaigner, sadly passed away in early April. RIP.

Links we liked

Lessons learned from three of the worst unpatched flaws.

Techniques for cloud computing forensics investigations.

Businesses that do better at security, do better in business.

Security leaders struggle with communicating to boards and executives.

Cyber Ranch Podcast: how CISOs can inject clarity into communications.

The UK NCSC has produced a CEO’s guide to responding to cyber incidents.

A teachable moment: lessons learned from the Heartbleed breach, ten years on.

A new Garda information booklet covers cybercrime risks and prevention tips.

A new framework for assessing threats against the mobile ecosystem.

Reviewing the largest Patch Tuesday of all time, along with Adobe updates.


About the Author: admin
