Looking Back to Move Forward

Welcome to the Retrospective – your summary of this week's top news in #cybersecurity. Stay informed and ahead of the curve with this concise and informative roundup, designed to keep you up to speed with all the latest developments shaping the industry. 

If you are a C-Suite executive, technology expert, cybersecurity specialist, compliance professional or simply interested in staying secure online, Retrospective has got you covered.

Subscribe to receive updates straight to your inbox.

Today's article is 791 words long, a 4-minute read.

Why China's State-Sponsored Cyberattacks Are of Global Concern

China, China, China! Donald Trump aside, Beijing's activities have raised significant concerns about global #cybersecurity. Microsoft researchers uncovered a state-sponsored group called Volt Typhoon targeting critical infrastructure organisations in the United States and Guam. The impacted entities include maritime, construction, education, transportation, utilities, manufacturing and many other sectors.

While the primary focus appears to be espionage, experts acknowledge the risk of escalation to more destructive behaviour. The technology giant expresses concern over their potential to disrupt communication between the United States and Asian countries during future crises — such as the possible invasion of Taiwan. And unfortunately, it's not the first time... Tsai Ing-wen's administration had previously attributed a cut in their country's internet cable as a "dry run" for an attack.

While some argue that it's speculation, we can't ignore the potential harm from this geopolitical manoeuvring (warranting heightened vigilance and proactive measures). So, as different countries grapple with the evolving threat landscape, developing advanced defence mechanisms will be vital in mitigating the potential exposure posed by cyberattacks in an increasingly interconnected world. Just as dynasties built the Great Wall to secure the integrity of China's borders, the West has to make a digital fortress to stay safe from malicious actors trying to get in.

It's interesting to see that even superpowers play tit for tat. The Chinese Cyberspace Administration has instructed operators to cease purchasing products from Idaho's chipmaker Micron Technology. The move comes amid a much broader decoupling between China and other democracies, as nations like the United States, Japan and the United Kingdom intensify their efforts to safeguard their advanced technology sectors.

As tensions rise, it is clear that international cooperation is urgently needed to address these issues. Nations must continue trying to establish frameworks and agreements that promote collaboration instead of confrontation. Of course, it is much easier said than done. To start moving forward, we must create an ecosystem encouraging engagement and transparency since we can only hope to navigate the complexities of the digital age through these collective efforts. Unfortunately, at least the way I see it, achieving meaningful dialogue to tackle these problems where all parties put aside their interest is just wishful thinking.

Link to 1st article: https://buff.ly/3qdSdEs

Link to 2nd article: https://buff.ly/3C4OyeM

Link to 3rd article: https://buff.ly/3xFZv4q

The Crucial Role of Top-Level Leadership in Building Digital Trust

Last Thursday, I had the pleasure of attending the ISACA In Pursuit of Digital Trust conference. One of the key takeaways was the importance of top-level leadership in #cybersecurity. Sue Milton, one of the speakers, asked the audience by a show of hands if they felt this was a significant factor in their workplace — there was unanimous agreement.

The boardroom's influence on governance is significant. Materiality, or the importance of specific issues, impacts a company's likelihood of success. Technology's role in companies is crucial now more than ever as we move from analogue to digital. Senior leadership must see data as the new gold and focus on the repositories where it is stored and shared. A bottom-up approach (with assets such as websites, applications and so on) can help translate requirements into tangible results.

So, where do we go from here? For starters, business continuity, ethical behaviour and privacy protection should be a top priority to succeed. A clear line of communication is also necessary to understand risks across all aspects of a business. To address the dependencies between BizOps, DevOps and SecOps, many organisations can confidently start navigating the threat landscape by implementing strategies that prioritise continuous monitoring. Resilience cannot be a one-time exercise.

And if this fails, it's a must to keep trying new methods to keep improving because the risks are too high to ignore. We must all strive to build digital trust by continuously adapting and evolving to develop a foundation that prevents cyberattacks. Meeting in person with industry peers and having open discussions about best practices, emerging threats and innovative solutions in settings like this is a great place to start.

Hats off to the ISACA Malta Chapter for hosting the event! I look forward to more initiatives from Giannella, Keith, Andrew and the rest of their team. Keep up the excellent work!

Link to event: https://buff.ly/3MYMtaM